CNNVD-202512-010 Information

CNNVD ID

CNNVD-202512-010

Related CVE

CVE-2025-66308

• CNNVD Published: 2025-12-01

Description (Chinese)

Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS（内容管理系统）。 Grav 1.11.0-beta.1之前版本存在跨站脚本漏洞，该漏洞源于存储型跨站脚本，可能导致恶意脚本执行。

Description (English)

Grav is an extended set of CMS (Content Management System) for personal blogs, small content distribution platforms and single-page product presentations. The previous version of Grav 1.11.0-beta.1 had a cross-site script loophole, which originated in a storage-type cross-site script and could lead to malicious script execution.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Grav

Published

2025-12-01

Last Modified

2026-02-24

References

https://github.com/getgrav/grav-plugin-admin/commit/99f653296504f1d6408510dd2f6f20a45a26f9b0 https://github.com/getgrav/grav/security/advisories/GHSA-gqxx-248x-g29f https://access.redhat.com/security/cve/cve-2025-66308

Patch

https://getgrav.org/downloads