Tyojong

VendorGrav CMSVersionv.1.7.48Vulnerability TypeCross Site Scripting(XSS) Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fieldsAn authenticated attacker (editor role or permissions to publish), would manage to inject malicious javascript code in the form fields to be executed on the users or administrato..

VendorGrav CMSVersionv.1.7.46 v.1.7.48Vulnerability TypeCross Site Scripting(XSS) Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img elementThe ability to edit pages in the /admin page, which is available to authenticated attacker (editor role or permissions to publish)POCIt is impossible to..