Medium severity6.1NVD Advisory· Published Mar 19, 2018· Updated Jun 17, 2026
CVE-2018-5233
CVE-2018-5233
Description
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
getgrav/gravPackagist | < 1.3.0 | 1.3.0 |
Affected products
1Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2018/03/15/1nvdExploitMailing ListThird Party AdvisoryWEB
- sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-977g-93f5-rqjxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-5233ghsaADVISORY
- sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerabilityghsaWEB
News mentions
0No linked articles in our index yet.