{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T06:03:45.575","vulnerabilities":[{"cve":{"id":"CVE-2025-66468","sourceIdentifier":"security-advisories@github.com","published":"2025-12-02T19:15:53.310","lastModified":"2026-03-10T19:38:23.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:grapesjs_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"2021.04.1","versionEndExcluding":"2021.10.8","matchCriteriaId":"C0FCB6FE-18A7-45B2-B339-0BD693C023EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:grapesjs_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.04.1","versionEndExcluding":"2022.10.9","matchCriteriaId":"9F2DCAA9-41AC-4650-940C-8053478BA456"},{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:grapesjs_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.04.1","versionEndExcluding":"2023.10.15","matchCriteriaId":"3FF92937-D16D-475A-AD25-CB1BABC551A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:grapesjs_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.04.1","versionEndExcluding":"2024.10.8","matchCriteriaId":"08BF8C10-4F1F-4734-BD4C-40DE39959FB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:grapesjs_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.04.1","versionEndExcluding":"2025.10.2","matchCriteriaId":"9B5E16CE-DC04-4A08-A975-922B6ECE1F00"}]}]}],"references":[{"url":"https://github.com/aimeos/ai-cms-grapesjs/commit/2214f71ac27cdea25f11c8adf6bb5816db47a042","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-cms-grapesjs/security/advisories/GHSA-424m-fj2q-g7vg","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}