VYPR

GravCMS

by Grav CMS

CVEs (7)

  • CVE-2020-36955 | Med | Jan 26, 2026
    risk 0.42 | cvss 6.4 | epss 0.01

    Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be…

  • CVE-2021-21425 | Apr 7, 2021
    risk 0.10 | cvss | epss 0.80

    Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method…

  • CVE-2021-47812 | Jan 15, 2026
    risk 0.00 | cvss | epss 0.02

    GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious…

  • CVE-2025-63593 | Nov 3, 2025
    risk 0.00 | cvss | epss 0.00

    Grav CMS 1.7.49.5 is vulnerable to Cross Site Scripting (XSS).

  • CVE-2025-46199 | Jul 25, 2025
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting vulnerability in Grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields.

  • CVE-2025-46198 | Jul 25, 2025
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting vulnerability in Grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element.

  • CVE-2024-35498 | Jan 6, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.