CVE-2026-55890: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in getgrav grav
Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling MediaObjectTrait::style…
Read the full article5h agoen


Comments
Sign in to join the conversation.
No comments yet. Be the first.