CVE-2022-0268

Description

In grav prior to version 1.7.28, a low privilege user can create a page with arbitrary javascript by bypassing insufficent XSS filtering.

How to fix CVE-2022-0268

To remediate CVE-2022-0268, upgrade the affected package to a fixed version below.

• Packagist/getgrav/grav—upgrade to 1.7.28 or later

Is CVE-2022-0268 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.7.28

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0268
• PATCHgithub.com/getgrav/grav
• WEBgithub.com/getgrav/grav/commit/6f2fa9311afb9ecd34030dec2aff7b39e9e7e735
• WEBhuntr.dev/bounties/67085545-331e-4469-90f3-a1a46a078d39