CVE-2025-65186 – Grav CMS Stored XSS Vulnerability

CVE ID : CVE-2025-65186

Published : Dec. 2, 2025, 5:16 p.m. | 1 hour, 10 minutes ago

Description : Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize