PT-2025-48754 · Aimeos · Aimeos Grapesjs Cms Extension
Published
2025-12-02
·
Updated
2026-03-10
·
CVE-2025-66468
CVSS v3.1
7.6
High
| Vector | AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Aimeos GrapesJS CMS extension versions prior to 2021.10.8
Aimeos GrapesJS CMS extension versions prior to 2022.10.8
Aimeos GrapesJS CMS extension versions prior to 2023.10.8
Aimeos GrapesJS CMS extension versions prior to 2024.10.8
Aimeos GrapesJS CMS extension versions prior to 2025.10.8
Description
The Aimeos GrapesJS CMS extension, designed for creating content pages with extensible components, is susceptible to a stored cross-site scripting (XSS) attack. Malicious editors can inject Javascript code if the standard Content Security Policy is disabled. This allows for the execution of arbitrary code within the context of the application.
Recommendations
Update to Aimeos GrapesJS CMS extension version 2021.10.8 or later.
Update to Aimeos GrapesJS CMS extension version 2022.10.8 or later.
Update to Aimeos GrapesJS CMS extension version 2023.10.8 or later.
Update to Aimeos GrapesJS CMS extension version 2024.10.8 or later.
Update to Aimeos GrapesJS CMS extension version 2025.10.8 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aimeos Grapesjs Cms Extension