Vulnerabilities > Getgrav > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-02-09 | CVE-2023-31506 | Cross-site Scripting vulnerability in Getgrav Grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | network, low complexity, getgrav CWE-79, 5.4 |
| 2023-11-22 | CVE-2023-49146 | Cross-site Scripting vulnerability in Getgrav Dom-Sanitizer | DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions. | network, low complexity, getgrav CWE-79, 6.1 |
| 2023-06-14 | CVE-2023-34452 | Unspecified vulnerability in Getgrav Grav | Grav is a flat-file content management system. | network, low complexity, getgrav, 6.1 |
| 2022-04-26 | CVE-2022-1173 | Cross-site Scripting vulnerability in Getgrav Grav | Stored XSS in GitHub repository getgrav/grav prior to 1.7.33. | network, low complexity, getgrav CWE-79, 5.4 |
| 2022-03-15 | CVE-2022-0970 | Cross-site Scripting vulnerability in Getgrav Grav | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | network, low complexity, getgrav CWE-79, 5.4 |
| 2022-02-28 | CVE-2022-0743 | Cross-site Scripting vulnerability in Getgrav Grav | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | network, low complexity, getgrav CWE-79, 4.6 |
| 2022-01-25 | CVE-2022-0268 | Unspecified vulnerability in Getgrav Grav | Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | network, low complexity, getgrav, 5.4 |
| 2021-11-19 | CVE-2021-3920 | Cross-site Scripting vulnerability in Getgrav Grav-Plugin-Admin | grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | network, low complexity, getgrav CWE-79, 5.4 |
| 2021-10-27 | CVE-2021-3904 | Unspecified vulnerability in Getgrav Grav | grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | network, low complexity, getgrav, 5.4 |
| 2021-09-27 | CVE-2021-3799 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Getgrav Grav-Plugin-Admin | grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames | network, low complexity, getgrav CWE-1021, 5.4 |