CNNVD-202507-3128 Information

CNNVD ID

CNNVD-202507-3128

Related CVE

CVE-2025-46198

• CNNVD Published: 2025-07-25

Description (Chinese)

Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS（内容管理系统）。 grav 1.7.48、1.7.47和1.7.46版本存在安全漏洞，该漏洞源于img元素onerror属性未经验证，可能导致跨站脚本。

Description (English)

Grav is an extended set of CMS (Content Management System) for personal blogs, small content distribution platforms and single-page product presentations. glav 1.7.48, 1.7.47 and 1.7.46 versions contain a security loophole that originates from the unverified onerror properties of the img element and may result in a cross-site script.

Hazard Level

Medium

Affected Vendor

Grav

Published

2025-07-25

Last Modified

2026-02-24

References

https://rapid-echo-f9c.notion.site/Grav-XSS-1dbaf8998a078072bb30ffc9b9e7ab4a?pvs=4 https://tyojong.tistory.com/1 https://access.redhat.com/security/cve/cve-2025-46198 https://nvd.nist.gov/vuln/detail/CVE-2025-46198