CVE-2025-66468
CVE-2025-66468 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The Aimeos GrapesJS CMS extension provides a page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, malicious editors can inject JavaScript code for a stored XSS attack if the standard Content Security Policy is disabled. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
The Aimeos GrapesJS CMS extension provides a page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, malicious editors can inject JavaScript code for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Aimeos | Grapesjs Cms | >= 2021.04.1, < 2021.10.8 |
| Aimeos | Grapesjs Cms | >= 2022.04.1, < 2022.10.9 |
| Aimeos | Grapesjs Cms | >= 2023.04.1, < 2023.10.15 |
| Aimeos | Grapesjs Cms | >= 2024.04.1, < 2024.10.8 |
| Aimeos | Grapesjs Cms | >= 2025.04.1, < 2025.10.2 |
Source: NVD / NIST
