[MEDIUM] Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab

PKSA-fhbw-8kkc-q4g7 CVE-2025-66309 GHSA-65mj-f7p4-wggq

Affected package: getgrav/grav

Affected version: <1.8.0-beta.27

Reported by:
GitHub