Stored Cross-Site Scripting Vulnerability in Grav by GetGrav
CVE-2019-16126

6.1MEDIUM

Key Information:

Vendor: Getgrav
Status: Grav Cms
Vendor: CVE Published:; 9 September 2019

What is CVE-2019-16126?

The vulnerability in Grav allows attackers to exploit stored cross-site scripting (XSS) through the execution of JavaScript within SVG images in user-uploaded content. This can lead to the execution of malicious scripts in the context of unsuspecting users, thereby compromising the security and integrity of affected Grav installations. Users and administrators must ensure they are using versions that are not affected, primarily those later than 1.6.15, to prevent potential exploitation.

References

https://github.com/getgrav/grav/issues/2657

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 9, 2019
Vulnerability Reserved
Sep 8, 2019

JSON

Getgrav

What is CVE-2019-16126?

References

CVSS V3.1

Timeline