Vulnerabilities > Getgrav

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-31506 Cross-site Scripting vulnerability in Getgrav Grav
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
network
low complexity
getgrav CWE-79
5.4
2023-11-22 CVE-2023-49146 Cross-site Scripting vulnerability in Getgrav Dom-Sanitizer
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.
network
low complexity
getgrav CWE-79
6.1
2023-07-18 CVE-2023-37897 Return of Wrong Status Code vulnerability in Getgrav Grav 1.7.42/1.7.42.1
Grav is a file-based Web-platform built in PHP.
network
low complexity
getgrav CWE-393
8.8
2023-06-14 CVE-2023-34253 Code Injection vulnerability in Getgrav Grav
Grav is a flat-file content management system.
network
low complexity
getgrav CWE-94
7.2
2023-06-14 CVE-2023-34448 Code Injection vulnerability in Getgrav Grav
Grav is a flat-file content management system.
network
low complexity
getgrav CWE-94
7.2
2023-06-14 CVE-2023-34452 Cross-site Scripting vulnerability in Getgrav Grav
Grav is a flat-file content management system.
network
low complexity
getgrav CWE-79
6.1
2023-06-14 CVE-2023-34251 Code Injection vulnerability in Getgrav Grav
Grav is a flat-file content management system.
network
low complexity
getgrav CWE-94
7.2
2023-06-14 CVE-2023-34252 Code Injection vulnerability in Getgrav Grav
Grav is a flat-file content management system.
network
low complexity
getgrav CWE-94
7.2
2022-06-29 CVE-2022-2073 Code Injection vulnerability in Getgrav Grav
Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
network
low complexity
getgrav CWE-94
6.5
2022-04-26 CVE-2022-1173 Cross-site Scripting vulnerability in Getgrav Grav
stored xss in GitHub repository getgrav/grav prior to 1.7.33.
network
getgrav CWE-79
3.5