CVE-2025-66843
Last modified
CVE-2025-66843 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later executed when any other user views or edits the affected page.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Getgrav | Grav | < 1.7.49.5 |
References
- https://github.com/Yohane-Mashiro/grav_cve/issues/1Exploit, Issue Tracking, Third Party Advisory
- https://github.com/Yohane-Mashiro/grav_cve/issues/1Exploit, Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-66843?
How severe is CVE-2025-66843?
How do I fix CVE-2025-66843?
Are you affected by CVE-2025-66843?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST