cvedb.io
CVE-2025-66468
HIGH · CVSS 7.6
EPSS exploitation probability: 0%
Published 2025-12-02T19:15:53.310 · Last modified 2026-06-17T09:56:53.327

Summary

The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.

Affected products

aimeos — grapesjs_cms

Does this affect you?

Add your gear to cvedb and we'll alert you only when aimeos ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.