Moderate severityNVD Advisory· Published Oct 27, 2021· Updated Aug 3, 2024
Cross-site Scripting (XSS) - Stored in getgrav/grav
CVE-2021-3904
Description
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
getgrav/gravPackagist | < 1.7.24 | 1.7.24 |
Affected products
2Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-5jxc-hmqf-3f73ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3904ghsaADVISORY
- github.com/getgrav/grav/commit/afc69a3229bb6fe120b2c1ea27bc6f196ed7284dghsax_refsource_MISCWEB
- huntr.dev/bounties/b1182515-d911-4da9-b4f7-b4c341a62a8dghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.