Description

The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8.

INFO

Published Date :

2025-12-02T18:40:44.081Z

Last Modified :

2025-12-02T19:25:50.350Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66468 vulnerability.

Vendors Products
Aimeos
  • Ai-cms-grapesjs
  • Grapesjs Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66468.

URL Resource
https://github.com/aimeos/ai-cms-grapesjs/commit/2214f71ac27cdea25f11c8adf6bb5816db47a042 cve-icon cve-icon
https://github.com/aimeos/ai-cms-grapesjs/security/advisories/GHSA-424m-fj2q-g7vg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact