Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| getgrav/grav(Packagist) | 0 | N/A | N/A |
CVSS Metrics
