Security Advisory

CVE-2025-66310

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-01 22:04:09
Last updated 2025-12-02 16:03:14
Assigner GitHub_M
State PUBLISHED

Description

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][template] parameter. The script is saved within the pages frontmatter and executed automatically whenever the affected content is rendered in the administrative interface or frontend view. This vulnerability is fixed in 1.11.0-beta.1.