Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01anhjLWhtcWYtM2Y3M80Www

Moderate EPSS: 0.00169% (0.3901 Percentile) EPSS:
Permalink JSON

Cross-Site Scripting in grav

Affected Packages Affected Versions Fixed Versions
packagist:getgrav/grav < 1.7.24 1.7.24
2 Dependent packages
9 Dependent repositories
76,170 Downloads total

Affected Version Ranges

All affected versions

0.8.0, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.30, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.40, 0.9.41, 0.9.42, 0.9.43, 0.9.44, 0.9.45, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15, 1.6.16, 1.6.17, 1.6.18, 1.6.19, 1.6.20, 1.6.21, 1.6.22, 1.6.23, 1.6.24, 1.6.25, 1.6.26, 1.6.27, 1.6.28, 1.6.29, 1.6.30, 1.6.31, 1.7.0, 1.7.1, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.7.17, 1.7.18, 1.7.19, 1.7.20, 1.7.21, 1.7.22, 1.7.23

All unaffected versions

1.7.24, 1.7.25, 1.7.26, 1.7.27, 1.7.28, 1.7.29, 1.7.30, 1.7.31, 1.7.32, 1.7.33, 1.7.34, 1.7.35, 1.7.36, 1.7.37, 1.7.38, 1.7.39, 1.7.40, 1.7.41, 1.7.42, 1.7.43, 1.7.44, 1.7.45, 1.7.46, 1.7.47, 1.7.48

grav prior to version 1.7.24 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

References:

Identifiers

GHSA-5jxc-hmqf-3f73

CVE-2021-3904

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00169

EPSS Percentile: 0.3901

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/getgrav/grav

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON