Medium severity6.4NVD Advisory· Published Jan 26, 2026· Updated Apr 15, 2026
CVE-2020-36955
CVE-2020-36955
Description
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the page is viewed in the admin panel or on the site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.9.18
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.