Search criteria
149 vulnerabilities found for grav by getgrav
CVE-2021-47812 (GCVE-0-2021-47812)
Vulnerability from nvd – Published: 2026-01-15 23:25 – Updated: 2026-01-16 21:11
VLAI?
Title
GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)
Summary
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.
Severity ?
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
legend
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:04:12.877202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:11:10.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49973"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GravCMS",
"vendor": "Getgrav",
"versions": [
{
"status": "affected",
"version": "1.10.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "legend"
}
],
"descriptions": [
{
"lang": "en",
"value": "GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T23:25:54.327Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49973",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49973"
},
{
"name": "Official Grav CMS Homepage",
"tags": [
"product"
],
"url": "https://getgrav.org"
},
{
"name": "VulnCheck Advisory: GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/gravcms-arbitrary-yaml-writeupdate-unauthenticated"
}
],
"title": "GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47812",
"datePublished": "2026-01-15T23:25:54.327Z",
"dateReserved": "2026-01-14T17:11:19.894Z",
"dateUpdated": "2026-01-16T21:11:10.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66843 (GCVE-0-2025-66843)
Vulnerability from nvd – Published: 2025-12-15 00:00 – Updated: 2025-12-16 17:33
VLAI?
Summary
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66843",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T17:33:18.234256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T17:33:21.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:45:59.621Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66843",
"datePublished": "2025-12-15T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-16T17:33:21.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66844 (GCVE-0-2025-66844)
Vulnerability from nvd – Published: 2025-12-15 00:00 – Updated: 2025-12-16 15:37
VLAI?
Summary
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66844",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T15:32:54.432805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T15:37:54.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In grav \u003c1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:51:00.461Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66844",
"datePublished": "2025-12-15T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-16T15:37:54.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65186 (GCVE-0-2025-65186)
Vulnerability from nvd – Published: 2025-12-02 00:00 – Updated: 2025-12-02 19:31
VLAI?
Summary
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65186",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T19:31:02.214349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:31:27.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize \u003cscript\u003e tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:10:27.237Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/getgrav/grav"
},
{
"url": "https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-65186.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65186",
"datePublished": "2025-12-02T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-02T19:31:27.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66312 (GCVE-0-2025-66312)
Vulnerability from nvd – Published: 2025-12-01 22:06 – Updated: 2025-12-02 14:36
VLAI?
Title
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[readableName] parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:36:06.007696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:36:20.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-rmw5-f87r-w988"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[readableName] parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:06:27.444Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-rmw5-f87r-w988",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-rmw5-f87r-w988"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-rmw5-f87r-w988",
"discovery": "UNKNOWN"
},
"title": "Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66312",
"datePublished": "2025-12-01T22:06:27.444Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T14:36:20.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66311 (GCVE-0-2025-66311)
Vulnerability from nvd – Published: 2025-12-01 22:05 – Updated: 2025-12-02 15:53
VLAI?
Title
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][metadata], data[header][taxonomy][category], and data[header][taxonomy][tag] parameters. These scripts are stored in the page frontmatter and executed automatically whenever the affected page is accessed or rendered in the administrative interface. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66311",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T15:53:27.365794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T15:53:34.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-mpjj-4688-3fxg"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][metadata], data[header][taxonomy][category], and data[header][taxonomy][tag] parameters. These scripts are stored in the page frontmatter and executed automatically whenever the affected page is accessed or rendered in the administrative interface. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:05:17.671Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-mpjj-4688-3fxg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-mpjj-4688-3fxg"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-mpjj-4688-3fxg",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66311",
"datePublished": "2025-12-01T22:05:17.671Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T15:53:34.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66310 (GCVE-0-2025-66310)
Vulnerability from nvd – Published: 2025-12-01 22:04 – Updated: 2025-12-02 16:03
VLAI?
Title
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][template] parameter. The script is saved within the page's frontmatter and executed automatically whenever the affected content is rendered in the administrative interface or frontend view. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:03:09.485554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:03:14.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-7g78-5g5g-mvfj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][template] parameter. The script is saved within the page\u0027s frontmatter and executed automatically whenever the affected content is rendered in the administrative interface or frontend view. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:04:09.187Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-7g78-5g5g-mvfj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-7g78-5g5g-mvfj"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-7g78-5g5g-mvfj",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66310",
"datePublished": "2025-12-01T22:04:09.187Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T16:03:14.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66309 (GCVE-0-2025-66309)
Vulnerability from nvd – Published: 2025-12-01 22:02 – Updated: 2025-12-02 16:12
VLAI?
Title
Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][content][items] parameter. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66309",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:12:10.163087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:12:13.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-65mj-f7p4-wggq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][content][items] parameter. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:02:50.012Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-65mj-f7p4-wggq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-65mj-f7p4-wggq"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-65mj-f7p4-wggq",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the \"Blog Config\" tab"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66309",
"datePublished": "2025-12-01T22:02:50.012Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T16:12:13.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66308 (GCVE-0-2025-66308)
Vulnerability from nvd – Published: 2025-12-01 22:00 – Updated: 2025-12-02 16:14
VLAI?
Title
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[taxonomies] parameter. The injected payload is stored on the server and automatically executed in the browser of any user who accesses the affected site configuration, resulting in a persistent attack vector. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66308",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:13:50.257850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:14:03.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gqxx-248x-g29f"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[taxonomies] parameter. The injected payload is stored on the server and automatically executed in the browser of any user who accesses the affected site configuration, resulting in a persistent attack vector. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:00:42.343Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-gqxx-248x-g29f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gqxx-248x-g29f"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-gqxx-248x-g29f",
"discovery": "UNKNOWN"
},
"title": "Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66308",
"datePublished": "2025-12-01T22:00:42.343Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T16:14:03.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47812 (GCVE-0-2021-47812)
Vulnerability from cvelistv5 – Published: 2026-01-15 23:25 – Updated: 2026-01-16 21:11
VLAI?
Title
GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)
Summary
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.
Severity ?
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
legend
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:04:12.877202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:11:10.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49973"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GravCMS",
"vendor": "Getgrav",
"versions": [
{
"status": "affected",
"version": "1.10.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "legend"
}
],
"descriptions": [
{
"lang": "en",
"value": "GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T23:25:54.327Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49973",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49973"
},
{
"name": "Official Grav CMS Homepage",
"tags": [
"product"
],
"url": "https://getgrav.org"
},
{
"name": "VulnCheck Advisory: GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/gravcms-arbitrary-yaml-writeupdate-unauthenticated"
}
],
"title": "GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47812",
"datePublished": "2026-01-15T23:25:54.327Z",
"dateReserved": "2026-01-14T17:11:19.894Z",
"dateUpdated": "2026-01-16T21:11:10.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66843 (GCVE-0-2025-66843)
Vulnerability from cvelistv5 – Published: 2025-12-15 00:00 – Updated: 2025-12-16 17:33
VLAI?
Summary
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66843",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T17:33:18.234256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T17:33:21.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:45:59.621Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66843",
"datePublished": "2025-12-15T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-16T17:33:21.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66844 (GCVE-0-2025-66844)
Vulnerability from cvelistv5 – Published: 2025-12-15 00:00 – Updated: 2025-12-16 15:37
VLAI?
Summary
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66844",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T15:32:54.432805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T15:37:54.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In grav \u003c1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T15:51:00.461Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66844",
"datePublished": "2025-12-15T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2025-12-16T15:37:54.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65186 (GCVE-0-2025-65186)
Vulnerability from cvelistv5 – Published: 2025-12-02 00:00 – Updated: 2025-12-02 19:31
VLAI?
Summary
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65186",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T19:31:02.214349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:31:27.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize \u003cscript\u003e tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:10:27.237Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/getgrav/grav"
},
{
"url": "https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-65186.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65186",
"datePublished": "2025-12-02T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-02T19:31:27.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66312 (GCVE-0-2025-66312)
Vulnerability from cvelistv5 – Published: 2025-12-01 22:06 – Updated: 2025-12-02 14:36
VLAI?
Title
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[readableName] parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:36:06.007696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:36:20.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-rmw5-f87r-w988"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[readableName] parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:06:27.444Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-rmw5-f87r-w988",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-rmw5-f87r-w988"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-rmw5-f87r-w988",
"discovery": "UNKNOWN"
},
"title": "Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66312",
"datePublished": "2025-12-01T22:06:27.444Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T14:36:20.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66311 (GCVE-0-2025-66311)
Vulnerability from cvelistv5 – Published: 2025-12-01 22:05 – Updated: 2025-12-02 15:53
VLAI?
Title
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][metadata], data[header][taxonomy][category], and data[header][taxonomy][tag] parameters. These scripts are stored in the page frontmatter and executed automatically whenever the affected page is accessed or rendered in the administrative interface. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66311",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T15:53:27.365794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T15:53:34.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-mpjj-4688-3fxg"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][metadata], data[header][taxonomy][category], and data[header][taxonomy][tag] parameters. These scripts are stored in the page frontmatter and executed automatically whenever the affected page is accessed or rendered in the administrative interface. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:05:17.671Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-mpjj-4688-3fxg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-mpjj-4688-3fxg"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-mpjj-4688-3fxg",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66311",
"datePublished": "2025-12-01T22:05:17.671Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T15:53:34.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66310 (GCVE-0-2025-66310)
Vulnerability from cvelistv5 – Published: 2025-12-01 22:04 – Updated: 2025-12-02 16:03
VLAI?
Title
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][template] parameter. The script is saved within the page's frontmatter and executed automatically whenever the affected content is rendered in the administrative interface or frontend view. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:03:09.485554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:03:14.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-7g78-5g5g-mvfj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][template] parameter. The script is saved within the page\u0027s frontmatter and executed automatically whenever the affected content is rendered in the administrative interface or frontend view. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:04:09.187Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-7g78-5g5g-mvfj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-7g78-5g5g-mvfj"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-7g78-5g5g-mvfj",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66310",
"datePublished": "2025-12-01T22:04:09.187Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T16:03:14.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66309 (GCVE-0-2025-66309)
Vulnerability from cvelistv5 – Published: 2025-12-01 22:02 – Updated: 2025-12-02 16:12
VLAI?
Title
Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][content][items] parameter. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66309",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:12:10.163087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:12:13.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-65mj-f7p4-wggq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][content][items] parameter. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:02:50.012Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-65mj-f7p4-wggq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-65mj-f7p4-wggq"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-65mj-f7p4-wggq",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the \"Blog Config\" tab"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66309",
"datePublished": "2025-12-01T22:02:50.012Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T16:12:13.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66308 (GCVE-0-2025-66308)
Vulnerability from cvelistv5 – Published: 2025-12-01 22:00 – Updated: 2025-12-02 16:14
VLAI?
Title
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`
Summary
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[taxonomies] parameter. The injected payload is stored on the server and automatically executed in the browser of any user who accesses the affected site configuration, resulting in a persistent attack vector. This vulnerability is fixed in 1.11.0-beta.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66308",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:13:50.257850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:14:03.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gqxx-248x-g29f"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0-beta.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[taxonomies] parameter. The injected payload is stored on the server and automatically executed in the browser of any user who accesses the affected site configuration, resulting in a persistent attack vector. This vulnerability is fixed in 1.11.0-beta.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:00:42.343Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-gqxx-248x-g29f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gqxx-248x-g29f"
},
{
"name": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0"
}
],
"source": {
"advisory": "GHSA-gqxx-248x-g29f",
"discovery": "UNKNOWN"
},
"title": "Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66308",
"datePublished": "2025-12-01T22:00:42.343Z",
"dateReserved": "2025-11-26T23:11:46.396Z",
"dateUpdated": "2025-12-02T16:14:03.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2025-66843
Vulnerability from fkie_nvd - Published: 2025-12-15 16:15 - Updated: 2025-12-17 15:39
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Yohane-Mashiro/grav_cve/issues/1 | Exploit, Issue Tracking, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/Yohane-Mashiro/grav_cve/issues/1 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4635A1D7-7801-4263-A58C-17941EE530B4",
"versionEndExcluding": "1.7.49.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page."
}
],
"id": "CVE-2025-66843",
"lastModified": "2025-12-17T15:39:29.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-15T16:15:53.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/1"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66844
Vulnerability from fkie_nvd - Published: 2025-12-15 16:15 - Updated: 2025-12-17 15:38
Severity ?
Summary
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Yohane-Mashiro/grav_cve/issues/2 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4635A1D7-7801-4263-A58C-17941EE530B4",
"versionEndExcluding": "1.7.49.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In grav \u003c1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered"
}
],
"id": "CVE-2025-66844",
"lastModified": "2025-12-17T15:38:46.163",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-15T16:15:53.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Yohane-Mashiro/grav_cve/issues/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-65186
Vulnerability from fkie_nvd - Published: 2025-12-02 17:16 - Updated: 2025-12-03 20:13
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/getgrav/grav | Product | |
| cve@mitre.org | https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-65186.pdf | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:1.7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "44FDE961-C4D1-4B90-B32F-9217F1F8E354",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize \u003cscript\u003e tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface."
}
],
"id": "CVE-2025-65186",
"lastModified": "2025-12-03T20:13:43.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-02T17:16:06.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/getgrav/grav"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-65186.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66304
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 18:57
Severity ?
6.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3FCDC-ADBD-4023-9AC7-154642622421",
"versionEndExcluding": "1.8.0",
"versionStartIncluding": "1.7.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66304",
"lastModified": "2025-12-03T18:57:54.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-01T22:15:50.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66306
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 18:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin email addresses and other metadata can be exposed, increasing the risk of phishing, credential stuffing, and social engineering. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC8A2F1-9318-4224-9CF5-D3EFE16E81F4",
"versionEndExcluding": "1.8.0",
"versionStartIncluding": "1.7.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin email addresses and other metadata can be exposed, increasing the risk of phishing, credential stuffing, and social engineering. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66306",
"lastModified": "2025-12-03T18:45:11.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-01T22:15:50.413",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/b7e1958a6e807ac14919447b60e5204a2ea77f62"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-4cwq-j7jv-qmwg"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-4cwq-j7jv-qmwg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66305
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 18:50
Severity ?
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value is inserted—such as a single forward slash (/) or an XSS test string—it causes a fatal regular expression parsing error on the server. This leads to application-wide failure due to the use of the preg_match() function with an improperly constructed regular expression, resulting in an error. Once triggered, the site becomes completely unavailable to all users. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC8A2F1-9318-4224-9CF5-D3EFE16E81F4",
"versionEndExcluding": "1.8.0",
"versionStartIncluding": "1.7.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the \"Languages\" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value is inserted\u2014such as a single forward slash (/) or an XSS test string\u2014it causes a fatal regular expression parsing error on the server. This leads to application-wide failure due to the use of the preg_match() function with an improperly constructed regular expression, resulting in an error. Once triggered, the site becomes completely unavailable to all users. This vulnerability is fixed in 1.8.0-beta.27."
},
{
"lang": "es",
"value": "Grav es una plataforma web basada en archivos. Versiones anteriores a la 1.8.0-beta.27, se identific\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en el submen\u00fa \u0027Idiomas\u0027 del panel de configuraci\u00f3n de administraci\u00f3n de Grav (/admin/config/system). Espec\u00edficamente, el par\u00e1metro Supported no valida correctamente la entrada del usuario. Si se inserta un valor malformado \u2014como una sola barra inclinada (/) o una cadena de prueba XSS\u2014, provoca un error fatal de an\u00e1lisis de expresi\u00f3n regular en el servidor. Esto conduce a una falla en toda la aplicaci\u00f3n debido al uso de la funci\u00f3n preg_match() con una expresi\u00f3n regular construida incorrectamente, lo que resulta en un error. Una vez activado, el sitio queda completamente no disponible para todos los usuarios. Esta vulnerabilidad se corrige en la 1.8.0-beta.27."
}
],
"id": "CVE-2025-66305",
"lastModified": "2025-12-03T18:50:11.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-01T22:15:50.250",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-m8vh-v6r6-w7p6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-m8vh-v6r6-w7p6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66300
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 15:45
Severity ?
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F068841-DBCC-41D5-8B24-BFCE51841E2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using \"Frontmatter\" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66300",
"lastModified": "2025-12-03T15:45:05.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-01T22:15:49.447",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-p4ww-mcp9-j6f2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66303
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 16:03
Severity ?
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduled_at parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduled_at parameter with a malicious input, such as a single quote, the application admin panel becomes non-functional, causing significant disruptions to administrative operations. The only way to recover from this issue is to manually access the host server and modify the backup.yaml file to correct the corrupted cron expression. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F068841-DBCC-41D5-8B24-BFCE51841E2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduled_at parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduled_at parameter with a malicious input, such as a single quote, the application admin panel becomes non-functional, causing significant disruptions to administrative operations. The only way to recover from this issue is to manually access the host server and modify the backup.yaml file to correct the corrupted cron expression. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66303",
"lastModified": "2025-12-03T16:03:09.117",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-01T22:15:49.913",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-x62q-p736-3997"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-x62q-p736-3997"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66302
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 16:00
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F068841-DBCC-41D5-8B24-BFCE51841E2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66302",
"lastModified": "2025-12-03T16:00:53.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-01T22:15:49.750",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66301
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 15:50
Severity ?
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][form] which is the YAML frontmatter which includes the process section which dictates what happens after a user submits the form which include some important actions that could lead to further vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/getgrav/grav/security/advisories/GHSA-v8x2-fjv7-8hjh | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/getgrav/grav/security/advisories/GHSA-v8x2-fjv7-8hjh | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F068841-DBCC-41D5-8B24-BFCE51841E2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][form] which is the YAML frontmatter which includes the process section which dictates what happens after a user submits the form which include some important actions that could lead to further vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66301",
"lastModified": "2025-12-03T15:50:19.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-01T22:15:49.607",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-v8x2-fjv7-8hjh"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-v8x2-fjv7-8hjh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66298
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 15:51
Severity ?
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be contained in the configuration details. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F068841-DBCC-41D5-8B24-BFCE51841E2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be contained in the configuration details. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66298",
"lastModified": "2025-12-03T15:51:09.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-01T22:15:49.103",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-8535-hvm8-2hmv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1336"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-66299
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 15:41
Severity ?
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F068841-DBCC-41D5-8B24-BFCE51841E2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66299",
"lastModified": "2025-12-03T15:41:59.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-01T22:15:49.290",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gjc5-8cfh-653x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
},
{
"lang": "en",
"value": "CWE-1336"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}