CVE-2025-46199
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-08-15
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected versions |
|---|---|---|
| getgrav | grav | up to and including 1.8.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46199 is a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) in Grav CMS version 1.7.48 and earlier. An attacker who holds editor-level permissions, or who can otherwise publish content, can place JavaScript in form fields that Grav stores without neutralizing it. When another user or an administrator later views the stored content, the injected script runs in that person's browser, in the origin of the Grav site and with that person's session, which can lead to unauthorized actions or data theft. [1]
How can this vulnerability impact me?
The script executes in the browsers of the users or administrators who view the compromised content, so it can read anything those users can see, steal session data, and submit requests on their behalf. If the victim is an administrator, the script acts with the administrator's authority in the Grav admin interface, so the impact can extend from the web front end to the configuration of the whole site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection amounts to testing for stored XSS in Grav CMS 1.7.48 and earlier: submit crafted markup through the editor's form fields and check whether it is echoed back unneutralized when the content is viewed. The proof of concept on record uses the obsolete `isindex` element with an inline event handler, `<isindex x="javascript:" onmouseover="alert('tyojong')">`; if that handler survives storage and rendering, hovering over the element fires the script. On the network side, inspect POST bodies sent to the editor and form endpoints for inline event handlers (`on*=`), `javascript:` URLs and `<script>` tags; on the host, audit the stored content itself for the same markers. The cited resources do not provide specific commands. [1]
What immediate steps should I take to mitigate this vulnerability?
Restrict editor-level permissions to trusted users, do not publish content from untrusted sources, and monitor form fields and stored content for injected script. The cited source reports that the problem persists because a related issue remains unpatched, so apply updates from Grav as soon as they are released. In the meantime, a web application firewall can filter the most common payloads, and rendering stored content through output encoding or an allowlist sanitizer (which drops unknown elements and every `on*` attribute) removes the injection vector; a Content-Security-Policy that forbids inline script additionally prevents inline handlers such as `onmouseover` from executing even if they reach the page. [1]