← voltar
CVE-2020-37256

Grav - Cross-Site Scripting in Admin Plugin Page Editor

CVSS 5.1 MEDIUMCWE-79
Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Grav · Grav

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9https://www.vulncheck.com/advisories/grav-cross-site-scripting-in-admin-plugin-page-editor