Vulnerabilities in getgrav

61 results
CVE | Severity | Title | EPSS
CVE-2022-1173 | HIGH | stored xss in getgrav/grav | EPSS 1.5%
CVE-2022-0268 | MEDIUM | Cross-site Scripting (XSS) - Stored in getgrav/grav | EPSS 1.4%
CVE-2024-28117 | HIGH | Grav vulnerable to Server Side Template Injection (SSTI) | EPSS 1.4%
CVE-2024-27923 | HIGH | Remote Code Execution by uploading a phar file using frontmatter | EPSS 1.4%
CVE-2022-0743 | MEDIUM | Cross-site Scripting (XSS) - Stored in getgrav/grav | EPSS 1.3%
CVE-2021-3920 | MEDIUM | Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin | EPSS 1.3%
CVE-2025-66301 | HIGH | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions | EPSS 1.2%
CVE-2024-28118 | HIGH | Grav vulnerable to Server Side Template Injection (SSTI) | EPSS 1.2%
CVE-2026-42613 | CRITICAL | Grav: Privilege Escalation via Missing Server-Side Validation of groups/access | EPSS 0.9%
CVE-2025-66297 | HIGH | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection | EPSS 0.7%
CVE-2026-42845 | HIGH | Grav: Anonymous Page Content Overwrite via Form File Upload filename Override | EPSS 0.6%
CVE-2023-34452 | MEDIUM | Grav vulnerable to Self Cross Site Scripting in /forgot_password | EPSS 0.6%
CVE-2021-3904 | MEDIUM | Cross-site Scripting (XSS) - Stored in getgrav/grav | EPSS 0.6%
CVE-2020-36955 | MEDIUM | Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting | EPSS 0.6%
CVE-2026-42608 | HIGH | Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component. | EPSS 0.5%
CVE-2025-66299 | HIGH | Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS | EPSS 0.5%
CVE-2025-66295 | HIGH | Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption | EPSS 0.5%
CVE-2026-42609 | HIGH | Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | EPSS 0.5%
CVE-2025-66302 | MEDIUM | Grav vulnerable to Path Traversal allowing server files backup | EPSS 0.4%
CVE-2026-42841 | MEDIUM | Grav: Stored XSS via Markdown media attribute() action in Grav CMS | EPSS 0.4%