Security
Headlines

Headlines Latest CVEs

Headline

GHSA-cchq-397m-q2qm: Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.

1 day ago

#xss #git #intel #perl #auth

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-65186

Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor

Moderate severity GitHub Reviewed Published Dec 2, 2025 to the GitHub Advisory Database • Updated Dec 3, 2025

Package

Affected versions

<= 1.7.49

Description

Published to the GitHub Advisory Database

Dec 2, 2025

EPSS score

ghsa: Latest News

GHSA-wvxp-jp4w-w8wg: mcp-server-kubernetes has potential security issue in exec_in_pod tool

6 hours ago

GHSA-fmh4-wr37-44fp: React Server Components are Vulnerable to RCE

8 hours ago

GHSA-fv66-9v8q-g76r: React Server Components are Vulnerable to RCE

8 hours ago

GHSA-9qr9-h5gf-34mp: Next.js is vulnerable to RCE in React flight protocol

8 hours ago

GHSA-h8cp-697h-8c8p: Step CA Has Authorization Bypass in ACME and SCEP Provisioners

10 hours ago