CVE Catalog

CVE-2026-11982

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Summary

Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

Risk Assessment

Exploitation of this vulnerability may allow for malicious code execution in the context of the user's browser, posing a threat to data and user security.

Recommendation

It is recommended to update to the latest version of Grav and Admin2 to mitigate this vulnerability.

Original NVD description (English source)

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS