Cross-site Scripting (XSS) - Stored in getgrav/grav
Reported on Oct 20th 2021
Description
Grav is vulnerable to XSS. It is possible to use : instead of : in <a> tags.
Proof of Concept
Payload:
<a href="javascript:alert(document.domain)">CLICK HERE</a>
1: Edit a page with the payload (user with low privileges).
2: Check out the target page and click on CLICK HERE.
Impact
This vulnerability is capable of executing JS code.
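Mitigation sketch (an added example, not part of the original report and not Grav's code or its fix): an href check that decodes character references and normalises the value before applying a scheme allowlist, then re-escapes it on output. The function name, the allowlist and the sample inputs are assumptions made for illustration.

```python
import html
import re

# Assumption: this allowlist is chosen for the example, not taken from Grav.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def safe_href(raw_value):
    """Return an attribute-escaped href, or None when its scheme is not allowed.

    raw_value is the attribute text as it appears in the page source,
    before any HTML parsing.
    """
    # 1. Decode character references as an HTML parser would, so an encoded
    #    colon is seen as ":" before the scheme is inspected.
    url = html.unescape(raw_value)
    # 2. Apply the URL parser's clean-up: tabs and newlines are dropped
    #    anywhere, surrounding control characters and spaces are trimmed.
    url = re.sub(r"[\t\n\r]", "", url).strip(_C0_AND_SPACE)
    # 3. Allowlist the scheme; a value with no scheme is a relative URL.
    match = _SCHEME.match(url)
    if match and match.group(1).lower() not in ALLOWED_SCHEMES:
        return None
    # 4. Re-escape on output so the browser receives exactly the string that
    #    was validated and nothing is left to be decoded a second time.
    return html.escape(url, quote=True)


# Constructed inputs: the report's payload, encoded spellings of the same
# value, and ordinary links that must keep working.
SAMPLES = [
    "javascript:alert(document.domain)",
    "javascript&colon;alert(document.domain)",
    "javascript&#58alert(document.domain)",
    " JaVa\tScript&#x3a;alert(1)",
    "https://example.com/?a=1&amp;b=2",
    "/blog/post",
    "mailto:admin@example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", safe_href(sample))
```

A check that only compares the raw attribute text against the string "javascript:" misses every encoded sample above; validating the decoded value and emitting the re-escaped result closes that gap.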