Vulnerabilities > Getgrav > Grav > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-31506 Cross-site Scripting vulnerability in Getgrav Grav
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
network
low complexity
getgrav CWE-79
5.4
5.4
2023-06-14 CVE-2023-34452 Cross-site Scripting vulnerability in Getgrav Grav
Grav is a flat-file content management system.
network
low complexity
getgrav CWE-79
6.1
6.1
2022-06-29 CVE-2022-2073 Code Injection vulnerability in Getgrav Grav
Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
network
low complexity
getgrav CWE-94
6.5
6.5
2021-11-05 CVE-2021-3924 Path Traversal vulnerability in Getgrav Grav
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
network
low complexity
getgrav CWE-22
5.0
5.0
2021-09-27 CVE-2021-3818 Reliance on Cookies without Validation and Integrity Checking vulnerability in Getgrav Grav
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
network
low complexity
getgrav CWE-565
5.0
5.0
2020-04-04 CVE-2020-11529 Open Redirect vulnerability in Getgrav Grav
Common/Grav.php in Grav before 1.7 has an Open Redirect.
network
getgrav CWE-601
5.8
5.8