CVE Catalog
CVE-2026-11982
MediumCVSS 5.1Summary
Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.
Risk Assessment
Exploitation of this vulnerability may allow for malicious code execution in the context of the user's browser, posing a threat to data and user security.
Recommendation
It is recommended to update to the latest version of Grav and Admin2 to mitigate this vulnerability.
Original NVD description (English source)
Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

