Security Advisory

CVE-2025-65186

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-02 00:00:00

Last updated 2025-12-02 19:31:27

Assigner mitre

State PUBLISHED

Description

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.

← Browse all CVEs View on cve.org ↗