CNNVD-202512-2680 Information

CNNVD ID

CNNVD-202512-2680

Related CVE

CVE-2025-66843

• CNNVD Published: 2025-12-15

Description (Chinese)

Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS（内容管理系统）。 Grav 1.7.49.5之前版本存在安全漏洞，该漏洞源于页面编辑功能存在存储型跨站脚本，可能导致恶意脚本执行。

Description (English)

Grav is an extended set of CMS (Content Management System) for personal blogs, small content distribution platforms and single-page product presentations. There was a security loophole in the pre-Grav 1.7.49.5 version, which stemmed from the existence of a storage cross-site script for the page editing function, which could lead to malicious script execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Grav

Published

2025-12-15

Last Modified

2026-02-24

References

https://github.com/Yohane-Mashiro/grav_cve/issues/1 https://access.redhat.com/security/cve/cve-2025-66843

Patch

https://getgrav.org/downloads