[MEDIUM] Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`

PKSA-j9sn-rww3-fk26 CVE-2025-66308 GHSA-gqxx-248x-g29f

Affected package: getgrav/grav

Affected version: <1.8.0-beta.27

Reported by:
GitHub