CVE-2020-37256

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.
Configurations

Configuration 1 (hide)

cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*

History

26 Jun 2026, 18:58

Type Values Removed Values Added
CPE cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*
First Time Getgrav
Getgrav grav
References () https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9 - () https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9 - Vendor Advisory
References () https://www.vulncheck.com/advisories/grav-cross-site-scripting-in-admin-plugin-page-editor - () https://www.vulncheck.com/advisories/grav-cross-site-scripting-in-admin-plugin-page-editor - Third Party Advisory

25 Jun 2026, 22:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 22:16

Updated : 2026-06-27 04:17


NVD link : CVE-2020-37256

Mitre link : CVE-2020-37256

CVE.ORG link : CVE-2020-37256


JSON object : View

Products Affected

getgrav

  • grav
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')