cvebase

Getgrav Grav vulnerabilities

7 known vulnerabilities affecting getgrav/getgrav_grav.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 6

Vulnerabilities

CVE-2021-3924 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, ≤ 1.7.24 | 2021-11-05
CWE-22: grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Source: nvd

CVE-2021-3818 | P4 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 1.7.22 | 2021-09-27
CWE-565: grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
Source: nvd

CVE-2022-0970 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.7.31 | 2022-03-15
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.
Source: nvd

CVE-2022-0268 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.7.28 | 2022-01-25
CWE-79: Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
Source: nvd

CVE-2022-1173 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.7.33 | 2022-04-26
CWE-79: stored xss in GitHub repository getgrav/grav prior to 1.7.33.
Source: nvd

CVE-2021-3904 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.7.24 | 2021-10-27
CWE-79: grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source: nvd

CVE-2022-0743 | P4 | MEDIUM | CVSS 4.6 | ≥ unspecified, < 1.7.31 | 2022-02-28
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.
Source: nvd