Moderate severityNVD Advisory· Published Feb 9, 2024· Updated Jun 16, 2025

CVE-2023-31506

Description

A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
getgrav/gravPackagist	>= 0	—

Affected products

Grav/Gravdescription
ghsa-coords
pkg:composer/getgrav/grav
Range: >= 0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-xrf8-cmrg-7436ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-31506ghsaADVISORY
m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000