Cross-Site Scripting Vulnerability in Grav CMS by GetGrav
CVE-2018-5233
6.1MEDIUM
What is CVE-2018-5233?
An XSS vulnerability exists in Grav CMS prior to version 1.3.0, affecting the admin tools component. This flaw allows remote attackers to inject arbitrary web scripts or HTML into web pages via manipulation of the PATH_INFO parameter. Successful exploitation can lead to unauthorized access or data compromise, making it crucial for users to update to the latest version to safeguard their systems.
