grav-plugin-admin
by Grav CMS
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21425 | | Cri | 0.70 | 9.3 | 0.80 | | Apr 7, 2021 | Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method… |
| CVE-2021-3920 | | Med | 0.00 | 5.4 | 0.01 | | Nov 19, 2021 | grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3799 | | Med | 0.00 | 5.4 | 0.02 | | Sep 27, 2021 | grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames |
| CVE-2021-29439 | | Hig | 0.00 | 7.2 | 0.03 | | Apr 13, 2021 | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary… |