CVE-2026-11982
Stored XSS via missing XSS safety check in Admin2 Pages API partial validation
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.
| CWE | CWE-79 |
| Vendor | grav |
| Product | grav-plugin-api |
| Published | Jun 18, 2026 |
| Last Updated | Jun 18, 2026 |
Affected Versions
Grav / grav-plugin-api
1.7.52
References
fluidattacks.com: https://fluidattacks.com/es/advisories/luis
github.com: https://github.com/getgrav/grav-plugin-api
github.com: https://github.com/getgrav/grav-plugin-api/commit/b8ca62eddb7dbea92075a78b1c0a507f03d66d4a
github.com: https://github.com/getgrav/grav/security/advisories/GHSA-5wc5-7v9g-f7v6
Credits
Santiago Alvarez
Fluid Attacks' AI SAST Scanner