CVE-2025-66308 | grav up to 1.10.x Admin Plugin /admin/config/site cross site scripting (GHSA-gqxx-248x-g29f)

A vulnerability was found in grav up to 1.10.x. It has been declared as problematic. The impacted element is an unknown function of the file /admin/config/site of the component Admin Plugin. Executing manipulation can lead to cross site scripting.

The identification of this vulnerability is CVE-2025-66308. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More