1. Grav CMS Stored XSS Vulnerability CVE-2026-42612: Blacklist Bypass Enables Arbitrary JavaScript Execution for Publisher Accounts
A high-severity stored Cross-Site Scripting vulnerability has been identified in Grav, a file-based web platform, affecting all versions prior to 2.0.0-beta.2. Tracked as CVE-2026-42612 with a CVSS score of 8.5, the flaw enables publisher-level accounts to execute arbitrary JavaScript through a blacklist bypass in the ...