XSS in Grav Grav-plugin-api
CVE-2026-11982
Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Grav Grav-plugin-api — versions 1.7.52
Weakness classification (CWE)
References
- help@fluidattacks.com (third-party-advisory)
- help@fluidattacks.com (product)
- help@fluidattacks.com (patch)
- help@fluidattacks.com (vendor-advisory)