Page 7 of 33 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. El archivo Common/Grav.php en Grav versiones anteriores a 1.7 presenta un Redireccionamiento Abierto. Esto está parcialmente arreglado en la versión1.6.23 y sigue presente en la versión 1.6.x • https://getgrav.org/#changelog https://github.com/getgrav/grav/commit/2eae104c7a4bf32bc26cb8073d5c40464bfda3f7 https://github.com/getgrav/grav/issues/3134 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. Grav a 1.6.15 permite secuencias de comandos entre sitios (almacenadas) debido a la ejecución de JavaScript en imágenes SVG. • https://github.com/getgrav/grav/issues/2657 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. Vulnerabilidad de Cross-Site Scripting (XSS) en system/src/Grav/Common/Twig/Twig.php en Grav CMS en versiones anteriores a la 1.3.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante PATH_INFO en admin/tools. Grav CMS version 1.2.4 suffers from a cross site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2018/03/15/1 https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •