Security Advisories - PKSA-p98m-jfx1-qxw4 - Packagist.org

PKSA-p98m-jfx1-qxw4 Security Advisory

[MEDIUM] Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style() — incomplete patch of GHSA-r7fx-8g49-7hhr

PKSA-p98m-jfx1-qxw4 CVE-2026-55890 GHSA-pmf8-g7c8-7v54

Affected package: getgrav/grav

Affected version: <=2.0.0-rc.8

Reported by:
GitHub