Product

Grav Core + Admin Plugin (< 2.0.0-Beta.2)

1 brief RSS

Grav CMS Stored XSS Vulnerability Leading to Potential RCE

A stored XSS vulnerability exists in Grav Core + Admin Plugin versions before 2.0.0-beta.2, where a low-privileged user can inject malicious code via a crafted tag, potentially leading to the exfiltration of admin session context, bypassing CSRF protections, and escalating to remote code execution (RCE).

Grav Core + Admin Plugin grav xss rce webserver

2r 2t 1h ago