PT-2025-51240 · Grav · Grav

Yohane-Mashiro · Published 2025-12-15 · Updated 2025-12-17 · CVE-2025-66843

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.49.5
Description: The software contains a Stored Cross-Site Scripting issue within the page editing functionality. An authenticated, low-privileged user who has permission to edit content can inject malicious JavaScript payloads into editable fields. This payload is stored on the server and executed when another user views or edits the affected page.
Recommendations: Update to version 1.7.49.5 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-66843
GHSA-MH85-44C2-3M97

Affected Products

Grav