ByteOS Network

NVD Vulnerability Details :

CVE-2026-44737

Deferred

Source-security-advisories@github.com

Published At-11 May, 2026 | 17:16

Updated At-13 May, 2026 | 16:04

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the data[header][title] parameter. As a result, attackers can craft a malicious URL with an XSS payload. When this URL is accessed, the injected script is reflected back in the HTTP response and executed within the context of the victim's browser session. This vulnerability is fixed in 1.10.49.5.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.2	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 6.2

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	security-advisories@github.com

CWE ID: CWE-79

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/getgrav/grav-plugin-admin/commit/f67cc18e81d8767bb43d29ee6422c55ed0427803	security-advisories@github.com	N/A
https://github.com/getgrav/grav/security/advisories/GHSA-fmg2-f5r9-24qc	security-advisories@github.com	N/A
https://github.com/getgrav/grav/security/advisories/GHSA-fmg2-f5r9-24qc	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A