Tyojong

VendorGrav CMSVersionv.1.7.46 v.1.7.48Vulnerability TypeCross Site Scripting(XSS) Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img elementThe ability to edit pages in the /admin page, which is available to authenticated attacker (editor role or permissions to publish)POCIt is impossible to..