{"id":59805,"date":"2025-08-01T17:27:56","date_gmt":"2025-08-01T17:27:56","guid":{"rendered":""},"modified":"2025-09-12T11:18:30","modified_gmt":"2025-09-12T17:18:30","slug":"cve-2025-46198-cross-site-scripting-vulnerability-in-grav-versions-1-7-46-to-1-7-48","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46198-cross-site-scripting-vulnerability-in-grav-versions-1-7-46-to-1-7-48\/","title":{"rendered":"CVE-2025-46198: Cross Site Scripting Vulnerability in Grav Versions 1.7.46 to 1.7.48<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the realm of cybersecurity, one of the most prevalent vulnerabilities is Cross Site Scripting (XSS). This vulnerability has once again reared its ugly head in the recent Common Vulnerabilities and Exposures (CVE) identified as CVE-2025-46198. This particular vulnerability affects the Grav Content Management<\/a> System (CMS), specifically versions 1.7.46 through 1.7.48. It’s a critical issue as it allows an attacker to execute arbitrary<\/a> code through a seemingly benign image element. Given the prominence and widespread use of Grav CMS, this vulnerability has the potential to compromise systems<\/a> and data on a large scale.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-46198
\nSeverity: High (8.8 based on CVSS score)
\nAttack Vector: Cross Site<\/a> Scripting (XSS)
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n