CVE-2021-3818
5.3 MEDIUMgrav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
Published: 2021-09-27 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-565
Affected products
| Vendor | Product |
|---|---|
| getgrav | grav |
Description
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3818
- [Other]https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07
- [Patch]https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea
- [Other]https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07
- [Patch]https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea
Related CVEs
Same vendor
- CVE-2026-42844 — Grav is a file-based Web platform (8.8 HIGH)
- CVE-2026-42843 — Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and... (8.8 HIGH)
- CVE-2021-3904 — grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (5.4 MEDIUM)
- CVE-2021-3799 — grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames (5.4 MEDIUM)
Same CWE
- CVE-2026-8337 — Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys (5.3 MEDIUM)
- CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)
- CVE-2024-0947 — Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Fal... (9.8 CRITICAL)
- CVE-2023-3050 — Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse... (9.8 CRITICAL)