Synced 18 Jun 2026 05:58 UTC Account
← All products

CVE-2025-46198

HIGH severity · CVSS 8.8 · Cross-site scripting (XSS)
8.8CVSS HIGH

Summary

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products we track (1)

Grav

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information