
Tyojong


n-day

CVE-2025-46199

Tyojong 2025. 7. 5. 18:56
| Vendor | Version | Vulnerability Type |
| --- | --- | --- |
| Grav CMS | v.1.7.48 | Cross Site Scripting (XSS) |

A cross-site scripting vulnerability in Grav v.1.7.48 and earlier allows an attacker to execute arbitrary code via a crafted script submitted to the form fields.

An authenticated attacker (editor role or permissions to publish) can inject malicious JavaScript code into the form fields, which is then executed in the browsers of users or administrators of the application when they access the article.

The vulnerability also occurs in the current version because the previous vulnerability has not been patched.

Previous vulnerability: CVE-2023-31506

POC

## Exploit Code

`<isindex x="javascript:" onmouseover="alert('tyojong')">`
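An added example (not from the original post or the Grav project): a small audit check that flags stored field values containing event-handler attributes or script-scheme URIs, the two features the PoC above relies on. It assumes the field values are already available as strings; the field names and `SAMPLE_FIELDS` are constructed for illustration.

```python
from html.parser import HTMLParser

# URL schemes that execute script when a browser follows them.
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveMarkupFinder(HTMLParser):
    """Records every tag that carries an event handler or a script-scheme URI."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (tag, attribute, raw value)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append((tag, "", ""))
        for name, value in attrs:  # names arrive lowercased, values entity-decoded
            value = value or ""
            # Browsers ignore whitespace and control characters inside a scheme.
            compact = "".join(ch for ch in value if ch > " ").lower()
            if name.startswith("on") or compact.startswith(SCRIPT_SCHEMES):
                self.findings.append((tag, name, value))


def scan_field(text):
    """Return the active-markup findings for one stored field value."""
    finder = ActiveMarkupFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def scan_page(fields):
    """Map each field name to its findings, skipping clean fields."""
    report = {name: scan_field(value) for name, value in fields.items()}
    return {name: hits for name, hits in report.items() if hits}


# Constructed sample: hypothetical field names, with the page's PoC in "content".
SAMPLE_FIELDS = {
    "title": "Release notes for *July*",
    "content": """Intro text <isindex x="javascript:" onmouseover="alert('tyojong')">""",
}

if __name__ == "__main__":
    for field, hits in scan_page(SAMPLE_FIELDS).items():
        for tag, attr, value in hits:
            print(f"{field}: <{tag}> {attr}={value!r}")
```

A hit only means the stored value needs review; the fix remains escaping or sanitizing the field on output.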

 

 

References

https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506
