Vulnerabilities > Getgrav

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2022-03-15 | CVE-2022-0970 | Cross-site Scripting vulnerability in Getgrav Grav | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | getgrav | CWE-79 | network, low complexity, 5.4 |
| 2022-02-28 | CVE-2022-0743 | Cross-site Scripting vulnerability in Getgrav Grav | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | getgrav | CWE-79 | network, low complexity, 4.6 |
| 2022-01-25 | CVE-2022-0268 | Cross-site Scripting vulnerability in Getgrav Grav | Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | getgrav | CWE-79 | network, low complexity, 5.4 |
| 2021-11-19 | CVE-2021-3920 | Cross-site Scripting vulnerability in Getgrav Grav-Plugin-Admin | grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | getgrav | CWE-79 | network, low complexity, 5.4 |
| 2021-11-05 | CVE-2021-3924 | Path Traversal vulnerability in Getgrav Grav | grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | getgrav | CWE-22 | network, low complexity, 7.5 |
| 2021-10-27 | CVE-2021-3904 | Cross-site Scripting vulnerability in Getgrav Grav | grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | getgrav | CWE-79 | network, low complexity, 5.4 |
| 2021-09-27 | CVE-2021-3799 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Getgrav Grav-Plugin-Admin | grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames | getgrav | CWE-1021 | network, low complexity, 5.4 |
| 2021-09-27 | CVE-2021-3818 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Getgrav Grav | grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking | getgrav | CWE-565 | network, low complexity, 5.3 |
| 2021-04-13 | CVE-2021-29440 | Code Injection vulnerability in Getgrav Grav | Grav is a file based Web-platform. | getgrav | CWE-94 | network, low complexity, 7.2 |
| 2021-04-13 | CVE-2021-29439 | Incorrect Authorization vulnerability in Getgrav Grav Admin | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. | getgrav | CWE-863 | network, low complexity, 7.2 |