GSA_kwCzR0hTQS1tNzhjLXF4OTktbXZ3Oc4ABC_K

Low CVSS: 2.0 EPSS: 0.00026% (0.06257 Percentile) EPSS:

Permalink JSON

Grav Cross-site Scripting vulnerability

Affected Packages	Affected Versions	Fixed Versions
packagist:getgrav/grav	<= 1.7.45	No known fixed version
2 Dependent packages 9 Dependent repositories 81,782 Downloads total Affected Version Ranges All affected versions 0.8.0, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.30, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.40, 0.9.41, 0.9.42, 0.9.43, 0.9.44, 0.9.45, 1.0.0, 1.0.0-rc.1, 1.0.0-rc.2, 1.0.0-rc.3, 1.0.0-rc.4, 1.0.0-rc.5, 1.0.0-rc.6, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.1.0, 1.1.0-beta.1, 1.1.0-beta.2, 1.1.0-beta.3, 1.1.0-beta.4, 1.1.0-beta.5, 1.1.0-rc.1, 1.1.0-rc.2, 1.1.0-rc.3, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.9-rc.1, 1.1.9-rc.2, 1.1.9-rc.3, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.2.0, 1.2.0-rc.1, 1.2.0-rc.2, 1.2.0-rc.3, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.0-rc.1, 1.3.0-rc.2, 1.3.0-rc.3, 1.3.0-rc.4, 1.3.0-rc.5, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.4.0, 1.4.0-beta.1, 1.4.0-beta.2, 1.4.0-beta.3, 1.4.0-rc.1, 1.4.0-rc.2, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.5.0, 1.5.0-beta.1, 1.5.0-beta.2, 1.5.0-rc.1, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.6.0, 1.6.0-beta.1, 1.6.0-beta.2, 1.6.0-beta.3, 1.6.0-beta.4, 1.6.0-beta.5, 1.6.0-beta.6, 1.6.0-beta.7, 1.6.0-beta.8, 1.6.0-rc.1, 1.6.0-rc.2, 1.6.0-rc.3, 1.6.0-rc.4, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15, 1.6.16, 1.6.17, 1.6.18, 1.6.19, 1.6.20, 1.6.21, 1.6.22, 1.6.23, 1.6.24, 1.6.25, 1.6.26, 1.6.27, 1.6.28, 1.6.29, 1.6.30, 1.6.31, 1.7.0, 1.7.0-beta.1, 1.7.0-beta.2, 1.7.0-beta.3, 1.7.0-beta.4, 1.7.0-beta.5, 1.7.0-beta.6, 1.7.0-beta.7, 1.7.0-beta.8, 1.7.0-beta.9, 1.7.0-beta.10, 1.7.0-rc.1, 1.7.0-rc.2, 1.7.0-rc.3, 1.7.0-rc.4, 1.7.0-rc.5, 1.7.0-rc.6, 1.7.0-rc.7, 1.7.0-rc.8, 1.7.0-rc.9, 1.7.0-rc.10, 1.7.0-rc.11, 1.7.0-rc.12, 1.7.0-rc.13, 1.7.0-rc.14, 1.7.0-rc.15, 1.7.0-rc.16, 1.7.0-rc.17, 1.7.0-rc.18, 1.7.0-rc.19, 1.7.0-rc.20, 1.7.1, 1.7.26.1, 1.7.27.1, 1.7.29.1, 1.7.3, 1.7.37.1, 1.7.39.1, 1.7.39.2, 1.7.39.3, 1.7.39.4, 1.7.4, 1.7.41.1, 1.7.41.2, 1.7.42.1, 1.7.42.2, 1.7.42.3, 1.7.49.1, 1.7.49.2, 1.7.49.3, 1.7.49.4, 1.7.49.5, 1.7.5, 1.7.50.1, 1.7.50.2, 1.7.50.3, 1.7.50.4, 1.7.50.5, 1.7.50.6, 1.7.50.7, 1.7.50.8, 1.7.50.9, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.7.17, 1.7.18, 1.7.19, 1.7.20, 1.7.21, 1.7.22, 1.7.23, 1.7.24, 1.7.25, 1.7.26, 1.7.27, 1.7.28, 1.7.29, 1.7.30, 1.7.31, 1.7.32, 1.7.33, 1.7.34, 1.7.35, 1.7.36, 1.7.37, 1.7.38, 1.7.39, 1.7.40, 1.7.41, 1.7.42, 1.7.43, 1.7.44, 1.7.45

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

References:

Identifiers

GHSA-m78c-qx99-mvw9

CVE-2024-35498

Risk

Severity

Low

CVSS

CVSS Score: 2.0

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

EPSS

EPSS Percentage: 0.00026

EPSS Percentile: 0.06257

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/r4vanan/Stored-xss-Grav-v1.7.45

Date and time

Published

11 months ago

Updated

16 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories