Vdh1612

**Name of the Vulnerable Software and Affected Versions** grav-plugin-admin versions prior to 1.10.49.5 **Description** The application fails to properly validate and sanitize user input in the `data[header][title]` parameter. This allows attackers to craft a malicious URL containing a Cross-Site Scripting (XSS) payload. When accessed, the injected script is reflected in the HTTP response and executed within the victim's browser session. This issue affects the '/admin/pages/[page]' endpoint. **Recommendations** Update to version 1.10.49.5.