VIR Vulnerability Intelligence Relay

CVE-2025-66310

unknown
Published 2025-12-02 · Modified 2025-12-02
CVSS v3
CVSS v2
VIR risk

Description

Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact
EcosystemPackageVulnerableFixed
php Packagistgetgrav/grav<1.8.0-beta.271.8.0-beta.27

References

Verify integrity in audit chain (admin only). AS-IS.