← Back

CVE-2025-66468

nvd nist
Published: Dec 2, 2025Modified: Mar 10, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.

Affected (5)

Products: Aimeos: Grapesjs Cms
Aimeos
1 product
Grapesjs Cms
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Aimeos
Grapesjs Cms
From 2021.04.1 to 2021.10.8
Grapesjs Cms
From 2022.04.1 to 2022.10.9
Grapesjs Cms
From 2023.04.1 to 2023.10.15
Grapesjs Cms
From 2024.04.1 to 2024.10.8
Grapesjs Cms
From 2025.04.1 to 2025.10.2

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.