CVE-2025-65186

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.

getgrav/grav
getgrav/grav
Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony
GitHubGitHub
15.5K
lukehebe/Vulnerability-Disclosures
lukehebe/Vulnerability-Disclosures
List of short writeups containing vulnerabilities I found
GitHubGitHub
5