CVE-2018-5233: Grav CMS Cross-site scripting (XSS) vulnerability
CVSS Score: 6.1 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.94982%
CWE
Published: 5/14/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
getgrav/grav | composer | < 1.3.0 | 1.3.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper output encoding in error handling:
- The code constructs $error_msg from the requested path (PATH_INFO), which contains user-controlled input
- This unsanitized $error_msg is passed to RuntimeException in both the catch block (line 355) and the else clause (line 358)
- The exception message is rendered directly in error templates without HTML entity encoding
- Proofs of concept demonstrate direct script execution via path manipulation
- The patch in v1.3.0 would logically involve adding proper encoding when handling $error_msg
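
The pattern described in this analysis, as an added example (not Grav's source and not the v1.3.0 patch): it contrasts rendering an exception message as-is with encoding it at the output boundary. The function names, the message wording and the sample path are assumptions constructed for illustration.

```php
<?php
// Added illustration; not Grav's code. All function names are hypothetical.

// Builds the error text the way the analysis describes: the requested path
// (user-controlled) is concatenated into the message unchanged.
function build_error_msg(string $pathInfo): string
{
    return "The requested path '" . $pathInfo . "' could not be resolved";
}

// Vulnerable rendering: the exception message is placed into HTML as-is.
function render_error_unsafe(Throwable $e): string
{
    return '<div class="error"><p>' . $e->getMessage() . '</p></div>';
}

// Hardened rendering: encode for the HTML text context at the output boundary,
// so the fix holds no matter which code path built the message.
function render_error_safe(Throwable $e): string
{
    $encoded = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error"><p>' . $encoded . '</p></div>';
}

// Constructed sample input: a path segment carrying harmless marker markup.
$pathInfo = '/no-such-page/<em>injected</em>';

try {
    throw new RuntimeException(build_error_msg($pathInfo));
} catch (RuntimeException $e) {
    $unsafe = render_error_unsafe($e);
    $safe   = render_error_safe($e);
}

// Regression checks: markup from the path must never reach the page unencoded.
if (strpos($unsafe, '<em>injected</em>') === false) {
    throw new LogicException('expected the unsafe renderer to reflect raw markup');
}
if (strpos($safe, '<em>') !== false
    || strpos($safe, '&lt;em&gt;injected&lt;/em&gt;') === false) {
    throw new LogicException('safe renderer did not entity-encode the path');
}

echo $unsafe, PHP_EOL, $safe, PHP_EOL;
```

Encoding in the renderer rather than where $error_msg is built keeps the exception message intact for logs while covering every branch that can raise it.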