Vulnerabilities

CVE-2025-66843 - Grav Stored Cross-Site Scripting (XSS)

2025-12-15 0 views admin

CVE ID : CVE-2025-66843 Published : Dec. 15, 2025, 4:15 p.m. | 1 hour, 15 minutes ago Description : grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-66843

Severity

LOW

Published

Dec. 15, 2025

Impact: XSS

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-66843low

CVE-2025-66843 - Grav Stored Cross-Site Scripting (XSS)

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-27629 - InvenTree Vulnerable to Server Side Template Injection (SSTI)

CVE-2026-27628 - pypdf has a possible infinite loop when loading circular /Prev entries in cross-...

CVE-2026-27626 - OliveTin vulnerable to OS Command Injection via `password` argument type and web...

CVE-2026-27621 - TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting