
Tyojong


n-day

CVE-2025-46198

Tyojong 2025. 7. 4. 20:52
Vendor: Grav CMS
Version: v.1.7.46 <= Grav <= v.1.7.48
Vulnerability Type: Cross Site Scripting (XSS)

A cross-site scripting vulnerability in Grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element.

Exploitation requires the ability to edit pages in the /admin page, which is available to an authenticated attacker (editor role or permissions to publish).

POC

The page cannot be saved when the content uses common script tags.

However, script execution is possible when using the onerror attribute of an img element.

No warning is shown either.
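The gap described above, as an added example for auditing stored page content; it is not code from the original post or from Grav. `tag_only_check` is a hypothetical stand-in for a filter that only looks for script tags, `audit` goes beyond the img/onerror case to flag any `on*` attribute and `javascript:` URL, and the sample page bodies are constructed.

```python
from html.parser import HTMLParser

BLOCKED_TAGS = {"script"}  # assumption: what a tag-only filter looks for


def tag_only_check(content):
    """Hypothetical tag-blocklist check: rejects <script>, ignores attributes."""
    lowered = content.lower()
    return any("<" + tag in lowered for tag in BLOCKED_TAGS)


class HandlerAudit(HTMLParser):
    """Collects (tag, reason) pairs for script-capable markup in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag in BLOCKED_TAGS:
            self.findings.append((tag, "<tag>"))
        for name, value in attrs:
            if name.startswith("on"):
                # Event-handler attribute (onerror, onload, ...); conservative match.
                self.findings.append((tag, name))
            elif value and value.strip().lower().startswith("javascript:"):
                self.findings.append((tag, name))


def audit(content):
    """Return every finding in a page body (Markdown with inline HTML)."""
    parser = HandlerAudit()
    parser.feed(content)
    parser.close()
    return parser.findings


# Constructed sample page bodies, not taken from the original post.
SAMPLES = {
    "script_tag": "# Title\n\n<script>alert(1)</script>\n",
    "img_onerror": '![logo](logo.png)\n\n<img src="missing.png" onerror="alert(1)">\n',
    "plain": "Plain **markdown** with a [link](https://example.com).\n",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "tag-only:", tag_only_check(body), "audit:", audit(body))
```

Run over the stored page files of an affected install, any non-empty `audit` result on a page edited by a non-admin account is worth reviewing.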

 
