CVE-2024-35498: Grav Cross-site Scripting vulnerability

January 6, 2025 (updated January 7, 2025)

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

References

github.com/advisories/GHSA-m78c-qx99-mvw9
github.com/getgrav/grav
github.com/r4vanan/Stored-xss-Grav-v1.7.45
nvd.nist.gov/vuln/detail/CVE-2024-35498
r4vanan.medium.com/a-quick-dive-into-xss-vulnerability-in-grav-cms-v1-7-45-cve-2024-35498-fc236b7d74a0

Detect and mitigate CVE-2024-35498 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →