Known Vulnerabilities for products from Getgrav
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Getgrav".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-29924 json | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin ... | Not Provided | 2026-03-30 | 2026-04-06 |
| CVE-2023-37897 json | Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The... | 8.8 - HIGH | 2023-07-18 | 2023-07-28 |
| CVE-2023-34452 json | Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected... | 6.1 - MEDIUM | 2023-06-14 | 2023-06-22 |
| CVE-2023-34448 json | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template i... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2023-34253 json | Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous fun... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34252 json | Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` funct... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34251 json | Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Rem... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2022-2073 json | Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | 7.2 - HIGH | 2022-06-29 | 2022-07-08 |
| CVE-2022-1173 json | stored xss in GitHub repository getgrav/grav prior to 1.7.33. | 5.4 - MEDIUM | 2022-04-26 | 2022-05-05 |
| CVE-2022-0970 json | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 5.4 - MEDIUM | 2022-03-15 | 2022-03-22 |
| CVE-2022-0743 json | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 4.6 - MEDIUM | 2022-02-28 | 2022-03-10 |
| CVE-2022-0268 json | Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | 5.4 - MEDIUM | 2022-01-25 | 2022-01-28 |
| CVE-2021-29440 json | Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative u... | 7.2 - HIGH | 2021-04-13 | 2022-11-09 |
| CVE-2021-29439 json | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with th... | 7.2 - HIGH | 2021-04-13 | 2023-11-06 |
| CVE-2021-21425 json | Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.... | 9.8 - CRITICAL | 2021-04-07 | 2022-10-24 |
| CVE-2021-3924 json | grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 7.5 - HIGH | 2021-11-05 | 2021-11-09 |
| CVE-2021-3920 json | grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 - MEDIUM | 2021-11-19 | 2021-11-23 |
| CVE-2021-3904 json | grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 - MEDIUM | 2021-10-27 | 2021-10-29 |
| CVE-2021-3818 json | grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking | 5.3 - MEDIUM | 2021-09-27 | 2021-09-30 |
| CVE-2021-3799 json | grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 5.4 - MEDIUM | 2021-09-27 | 2021-09-30 |