Headline

GHSA-424m-fj2q-g7vg: Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors

Impact

Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled.

Workaround

If the standard CSP rules are active (default in production mode), an exploit isn’t possible.

Credits

Lwin Min Oo lwinminoo2244@gmail.com

1 hour ago

ghsa

Open in Source

#xss #js #git #java #intel #auth

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-66468

Aimeos GrapesJS CMS extension has possible stored XSS that’s exploitable by authenticated editors

Package

composer aimeos/ai-cms-grapesjs (Composer)

Affected versions

>= 2021.04.1, < 2021.10.8

>= 2022.04.1, < 2022.10.9

>= 2023.04.1, < 2023.10.15

>= 2024.04.1, < 2024.10.8

>= 2025.04.1, < 2025.10.2

Patched versions

2021.10.8

2022.10.9

2023.10.15

2024.10.8

2025.10.2

Description

Published to the GitHub Advisory Database

Dec 3, 2025

EPSS score

ghsa: Latest News

GHSA-424m-fj2q-g7vg: Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors

1 hour ago

ghsa

GHSA-5xw2-57jx-pgjp: GrapesJsBuilder File Upload allows all file uploads

18 hours ago

ghsa

GHSA-3fq7-c5m8-g86x: Mautic user without privileged access to the Marketplace can install and uninstall composer packages

18 hours ago

ghsa

GHSA-j3rw-fx6g-q46j: Apptainer ineffectively applies selinux and apparmor --security options

18 hours ago

ghsa

GHSA-wwrx-w7c9-rf87: Singluarity ineffectively applies selinux / apparmor LSM process labels

18 hours ago

ghsa