RSS   Vulnerabilities for 'Grav cms'   RSS

2021-03-15
 
CVE-2020-29553

CWE-352
 
 
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).

 
2019-09-08
 
CVE-2019-16126

CWE-79
 
 
Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.

 

 >>> Vendor: Getgrav 4 Products
Grav cms
GRAV
Grav admin
Grav-plugin-admin

Copyright 2024, cxsecurity.com

 

Back to Top