GHSA-5jxc-hmqf-3f73

GitHub Security Advisory

Cross-Site Scripting in grav

✓ GitHub Reviewed MODERATE Has CVE

grav prior to version 1.7.24 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

Packagist getgrav/grav

Affected versions: 0 (fixed in 1.7.24)

CVE-2021-3904

GHSA ID

GHSA-5jxc-hmqf-3f73

Published

November 1, 2021 7:17 PM

Last Modified

November 1, 2021 2:06 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

getgrav/grav

GitHub Reviewed

✓ Yes

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.