VYPR

Grav Plugin Admin

by Getgrav

CVEs (6)

  • CVE-2020-36955 | Med | Jan 26, 2026
    risk 0.42 | cvss 6.4 | epss 0.01

    Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be…

  • CVE-2021-21425 | Apr 7, 2021
    risk 0.10 | cvss | epss 0.80

    Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method…

  • CVE-2026-11982 | Jun 18, 2026
    risk 0.00 | cvss | epss 0.00

    Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

  • CVE-2021-3920 | Nov 19, 2021
    risk 0.00 | cvss | epss 0.01

    grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CVE-2021-3799 | Sep 27, 2021
    risk 0.00 | cvss | epss 0.02

    grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames

  • CVE-2021-29439 | Apr 13, 2021
    risk 0.00 | cvss | epss 0.03

    The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary…