Tyojong

VendorGrav CMSVersionv.1.7.48Vulnerability TypeCross Site Scripting(XSS) Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fieldsAn authenticated attacker (editor role or permissions to publish), would manage to inject malicious javascript code in the form fields to be executed on the users or administrato..