Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.
Metrics
Affected Vendors & Products
References
History
Sat, 27 Jun 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 25 Jun 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access. | |
| Title | Grav - Cross-Site Scripting in Admin Plugin Page Editor | |
| First Time appeared |
Getgrav
Getgrav grav-plugin-admin |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:getgrav:grav-plugin-admin:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Getgrav
Getgrav grav-plugin-admin |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-06-25T21:41:00.831Z
Updated: 2026-06-27T02:27:57.205Z
Reserved: 2026-06-22T21:55:13.786Z
Link: CVE-2020-37256
Updated: 2026-06-27T02:27:52.825Z
No data.
No data.