4.8 MEDIUM
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): High (H)
- User Interaction (UI): Passive (P)
- Vulnerable System Impact Confidentiality (VC): Low (L)
- Vulnerable System Impact Integrity (VI): Low (L)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): Low (L)
- Subsequent System Impact Integrity (SI): Low (L)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): Passive (P)
- Modified Vulnerable System Impact Confidentiality (MVC): Low (L)
- Modified Vulnerable System Impact Integrity (MVI): Low (L)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Low (L)
- Modified Subsequent System Impact Integrity (MSI): Low (L)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
Grav - Stored CSS Injection via Markdown Image resize() Action
Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection vulnerability in the Markdown image resize() media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute() fallbacks, but the resize() action in Excerpts::processMediaActions() writes caller-controlled values directly into the image's styleAttributes. A lower-privileged content editor who can edit page Markdown can store a crafted image URL with semicolon-delimited CSS declarations in the resize parameters, which are rendered into the final <img style=...> attribute when a higher-privileged reviewer/admin views the page or preview. This does not require JavaScript execution but enables UI redress/overlay and content-manipulation attacks (e.g., a full-viewport fixed overlay). Fixed in 2.0.0.
References
-
-
VulnCheck Advisory: Grav - Stored CSS Injection via Markdown Image resize() Action third-party-advisory
Affected products
- <2.0.0
- ==2.0.0
Matching in nixpkgs
pkgs.grav
Fast, simple, and flexible, file-based web platform
pkgs.gravit
Beautiful OpenGL-based gravity simulator
pkgs.antigravity
Agentic development platform, evolving the IDE into the agent-first era
pkgs.antigravity-cli
Google's Go-based terminal user interface (TUI) agent client
pkgs.antigravity-fhs
Wrapped variant of antigravity which launches in a FHS compatible environment, should allow for easy usage of extensions without nix-specific modifications
pkgs.stardust-xr-gravity
Utility to launch apps and stardust clients at an offet
-
nixos-unstable 0-unstable-2024-12-29
- nixpkgs-unstable 0-unstable-2024-12-29
- nixos-unstable-small 0-unstable-2024-12-29
-
nixos-26.05 0-unstable-2024-12-29
- nixos-26.05-small 0-unstable-2024-12-29
- nixpkgs-26.05-darwin 0-unstable-2024-12-29
pkgs.kdePackages.libgravatar
Library that provides Gravatar support
pkgs.gnomeExtensions.gravatar
Synchronize GNOME Shell user icon with an avatar service, one of Gravatar or Libravatar.
pkgs.haskellPackages.gravatar
Generate Gravatar image URLs
pkgs.python313Packages.libgravatar
Library that provides a Python 3 interface for the Gravatar API
pkgs.python314Packages.libgravatar
Library that provides a Python 3 interface for the Gravatar API
pkgs.python313Packages.flask-gravatar
Small and simple integration of gravatar into flask
pkgs.python314Packages.flask-gravatar
Small and simple integration of gravatar into flask
pkgs.python313Packages.django-gravatar2
Essential Gravatar support for Django
pkgs.python314Packages.django-gravatar2
Essential Gravatar support for Django
pkgs.perlPackages.MojoliciousPluginGravatar
Globally Recognized Avatars for Mojolicious
Package maintainers
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
-
@Zaczero Kamil Monicz <kamil@monicz.dev>
-
@u3kkasha Fida Waseque Choudhury <fida.waseque@gmail.com>
-
@AdrielVelazquez Adriel Velazquez <AdrielVelazquez@gmail.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@rycee Robert Helgesson <robert@rycee.net>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@K900 Ilya K. <me@0upti.me>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@stigtsp Stig Palmquist <stig@stig.io>
-
@gador Florian Brandes <florian.brandes@posteo.de>
-
@Pandapip1 Gavin John <gavinnjohn@gmail.com>
-
@technobaboo Nova King