Cross-site Scripting (XSS) - Stored in getgrav/grav
Oct 20th 2021
Grav is vulnerable to XSS. It is possible to use
: instead of
Proof of Concept
1: Edit a page with the payload (user with low privileges).
2: Check out the target page and click on
This vulnerability allows execution of JS code.