📦 Grav Plugin Admin

by Getgrav

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2021-21425

CRITICAL CVSS 9.3 Apr 7, 2021

CVE-2021-21425 is an unauthenticated remote code execution vulnerability in Grav Admin Plugin that allows attackers to execute arbitrary methods without credentials, modify YAML configuration files, a...

CVE-2025-66310

MEDIUM CVSS 5.4 Dec 1, 2025

A stored XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into page templates. These scripts execute automatically when affected content is viewed in the admin int...

CVE-2025-66311

MEDIUM CVSS 5.4 Dec 1, 2025

This stored XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into page metadata fields. When an administrator views or edits an affected page, the scripts execute ...

CVE-2025-66312

MEDIUM CVSS 5.4 Dec 1, 2025

A stored cross-site scripting (XSS) vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into group names. When administrators view the affected groups page, the scripts e...

CVE-2025-66307

MEDIUM CVSS 6.5 Dec 1, 2025

This vulnerability in Grav's admin plugin allows attackers to enumerate valid usernames and discover associated email addresses through the 'Forgot Password' functionality. Attackers can leverage this...

CVE-2025-66308

MEDIUM CVSS 5.4 Dec 1, 2025

A stored XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into the site configuration's taxonomies parameter. The payload persists on the server and executes autom...

CVE-2025-66309

MEDIUM CVSS 6.1 Dec 1, 2025

This reflected XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts via the data[header][content][items] parameter in the /admin/pages/[page] endpoint. When exploited,...