VYPR
High severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025

Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors

CVE-2025-66468

Description

The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
aimeos/ai-cms-grapesjsPackagist
>= 2021.04.1, < 2021.10.82021.10.8
aimeos/ai-cms-grapesjsPackagist
>= 2022.04.1, < 2022.10.92022.10.9
aimeos/ai-cms-grapesjsPackagist
>= 2023.04.1, < 2023.10.152023.10.15
aimeos/ai-cms-grapesjsPackagist
>= 2024.04.1, < 2024.10.82024.10.8
aimeos/ai-cms-grapesjsPackagist
>= 2025.04.1, < 2025.10.22025.10.2

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.