Known Vulnerabilities for products from Getgrav
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Getgrav".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0268 | Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | 5.4 - MEDIUM | 2022-01-25 | 2022-01-28 |
| CVE-2021-29440 | Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative u... | 7.2 - HIGH | 2021-04-13 | 2022-11-09 |
| CVE-2021-29439 | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with th... | 7.2 - HIGH | 2021-04-13 | 2023-11-06 |
| CVE-2021-21425 | Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.... | 9.8 - CRITICAL | 2021-04-07 | 2022-10-24 |
| CVE-2021-3924 | grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 7.5 - HIGH | 2021-11-05 | 2021-11-09 |
| CVE-2021-3920 | grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 - MEDIUM | 2021-11-19 | 2021-11-23 |
| CVE-2021-3904 | grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 - MEDIUM | 2021-10-27 | 2021-10-29 |
| CVE-2021-3818 | grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking | 5.3 - MEDIUM | 2021-09-27 | 2021-09-30 |
| CVE-2021-3799 | grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 5.4 - MEDIUM | 2021-09-27 | 2021-09-30 |
| CVE-2020-29556 | The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on th... | 5.5 - MEDIUM | 2021-03-15 | 2021-03-25 |
| CVE-2020-29555 | The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on ... | 8.1 - HIGH | 2021-03-15 | 2021-03-25 |
| CVE-2020-29553 | The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiti... | 8.8 - HIGH | 2021-03-15 | 2021-03-18 |
| CVE-2020-11529 | Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. | 6.1 - MEDIUM | 2020-04-04 | 2021-05-17 |
| CVE-2019-16126 | Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. | 6.1 - MEDIUM | 2019-09-09 | 2019-09-09 |
| CVE-2018-5233 | Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attac... | 6.1 - MEDIUM | 2018-03-19 | 2018-04-17 |