Vulnerability Details CVE-2025-66468
The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.3%
CVSS Severity
CVSS v3 Score 7.6
References
Products affected by CVE-2025-66468
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.04.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.04.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.04.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.04.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.04.5
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.04.6
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.07.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.07.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.07.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.07.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.07.5
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.07.6
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.07.7
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.10.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.10.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.10.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.10.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.10.5
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.10.6
-
cpe:2.3:a:aimeos:grapesjs_cms:2021.10.7
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.04.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.04.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.04.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.04.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.07.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.07.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.07.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.5
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.6
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.7
-
cpe:2.3:a:aimeos:grapesjs_cms:2022.10.8
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.04.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.04.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.07.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.07.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.07.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.07.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.10
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.11
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.12
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.13
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.14
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.5
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.6
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.7
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.8
-
cpe:2.3:a:aimeos:grapesjs_cms:2023.10.9
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.04.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.04.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.04.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.04.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.04.5
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.04.6
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.07.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.07.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.07.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.10.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.10.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.10.3
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.10.4
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.10.5
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.10.6
-
cpe:2.3:a:aimeos:grapesjs_cms:2024.10.7
-
cpe:2.3:a:aimeos:grapesjs_cms:2025.04.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2025.04.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2025.07.1
-
cpe:2.3:a:aimeos:grapesjs_cms:2025.07.2
-
cpe:2.3:a:aimeos:grapesjs_cms:2025.10.1