Grav Plugin Admin
by Getgrav
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36955 | | Med | 0.42 | 6.4 | 0.01 | | Jan 26, 2026 | Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be… |
| CVE-2021-21425 | | | 0.10 | — | 0.80 | | Apr 7, 2021 | Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method… |
| CVE-2026-11982 | | | 0.00 | — | 0.00 | | Jun 18, 2026 | Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow. |
| CVE-2021-3920 | | | 0.00 | — | 0.01 | | Nov 19, 2021 | grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3799 | | | 0.00 | — | 0.02 | | Sep 27, 2021 | grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames |
| CVE-2021-29439 | | | 0.00 | — | 0.03 | | Apr 13, 2021 | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary… |