CVE-2023-31506

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/getgrav/grav

Identifiers

GHSA-xrf8-cmrg-7436, CVE-2023-31506

Package Slug

packagist/getgrav/grav

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.

Affected Versions

All versions before 1.7.44

Solution

Upgrade to version 1.7.44 or above.

Last Modified

2024-02-19

source