← volver
CVE-2020-37256

Grav - Cross-Site Scripting in Admin Plugin Page Editor

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
Grav · Grav

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9https://www.vulncheck.com/advisories/grav-cross-site-scripting-in-admin-plugin-page-editor