Getgrav ≫ Grav

Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. Wh...

Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filte...

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privil...

Code Injection in GitHub repository getgrav/grav prior to 1.7.34.

stored xss in GitHub repository getgrav/grav prior to 1.7.33.

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.

Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.

grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')