
grav — Vulnerabilities & Security Advisories 33

All 33 CVE vulnerabilities found in grav, with AI-generated Chinese analysis, references, and POCs.

Vendor: getgrav

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-66312 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]` | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66311 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in multiple parameters | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66310 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66309 | Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint `/admin/pages/[page]`, parameter `data[header][content][items]`, located in the "Blog Config" tab | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66308 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66307 | Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure | CWE-204 | 6.5 | Medium | 2025-12-01 |
| CVE-2025-66306 | Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel | CWE-639 | 4.3 | Medium | 2025-12-01 |
| CVE-2025-66305 | Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter | CWE-248 | 4.9 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66304 | Grav Exposes Password Hashes Leading to Privilege Escalation | CWE-200 | 6.2 | Medium | 2025-12-01 |
| CVE-2025-66303 | Grav is vulnerable to a DoS on the admin panel | CWE-400 | 4.9 | Medium | 2025-12-01 |
| CVE-2025-66302 | Grav vulnerable to Path Traversal allowing server files backup | CWE-22 | 6.8 | Medium | 2025-12-01 |
| CVE-2025-66301 | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions | CWE-285 | 4.3 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66300 | Grav is vulnerable to Arbitrary File Read | CWE-22 | 8.5 | High | 2025-12-01 |
| CVE-2025-66299 | Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS | CWE-94 | 8.8 | High | 2025-12-01 |
| CVE-2025-66298 | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms | CWE-1336 | 5.3 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66297 | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection | CWE-1336 | 7.2 (AI) | High (AI) | 2025-12-01 |
| CVE-2025-66296 | Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover | CWE-266 | 8.8 | High | 2025-12-01 |
| CVE-2025-66294 | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass | CWE-94 | 7.2 (AI) | High (AI) | 2025-12-01 |
| CVE-2025-66295 | Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption | CWE-22 | 8.8 | High | 2025-12-01 |
| CVE-2024-34082 | Grav Arbitrary File Read to Account Takeover | CWE-269 | 8.5 | High | 2024-05-15 |
| CVE-2024-28119 | Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler | CWE-94 | 8.8 | High | 2024-03-21 |
| CVE-2024-28118 | Grav vulnerable to Server Side Template Injection (SSTI) | CWE-94 | 8.8 | High | 2024-03-21 |
| CVE-2024-28117 | Grav vulnerable to Server Side Template Injection (SSTI) | CWE-94 | 8.8 | High | 2024-03-21 |
| CVE-2024-28116 | Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass | CWE-94 | 8.8 | High | 2024-03-21 |
| CVE-2024-27921 | Grav File Upload Path Traversal vulnerability | CWE-22 | 8.8 | High | 2024-03-21 |
| CVE-2024-27923 | Remote Code Execution by uploading a phar file using frontmatter | CWE-287 | 8.8 | High | 2024-03-06 |
| CVE-2023-37897 | Server-side Template Injection (SSTI) in grav | CWE-74 | 7.2 | High | 2023-07-18 |
| CVE-2023-34452 | Grav vulnerable to Self Cross Site Scripting in /forgot_password | CWE-79 | 5.4 | Medium | 2023-06-14 |
| CVE-2023-34448 | Grav Server-side Template Injection (SSTI) via Twig Default Filters | CWE-20 | 8.8 | High | 2023-06-14 |
| CVE-2023-34253 | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass | CWE-184 | 8.8 | High | 2023-06-14 |

Entries marked (AI) carry the "AI" badge from the source page on their CVSS score and severity.

All 33 known CVE vulnerabilities affecting grav with full Chinese analysis, references, and POCs where available.