CVE-2025-66468 – Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors

CVE ID : CVE-2025-66468

Published : Dec. 2, 2025, 7:15 p.m. | 1 hour, 10 minutes ago

Description : The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-13658 – Industrial Video & Control Longwatch has a Code Injection vulnerability

CVE-2025-13510 – Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy

CVE-2025-13542 – DesignThemes LMS

CVE-2025-66460 – Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables