What the vulnerability does
01Description
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3904
MEDIUM
CVE-2021-3904: Cross-site Scripting (XSS) - Stored in getgrav/grav
CVSS base score
6.3/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Key dates
02Disclosure timeline
October 27, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-24704 WordPress Magic the Gathering Card Tooltips plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-36994 Persistent Cross-site Scripting (XSS) in Dashboard Elements
CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
CVE-2026-33045 Home Assistant has stored XSS in history-graphs
CVE-2021-39357 Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting
