Medium severity5.4NVD Advisory· Published Nov 13, 2017· Updated May 13, 2026

CVE-2017-16807

Description

A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
getkirby/cmsPackagist	< 2.3.3	2.3.3
getkirby/cmsPackagist	>= 2.4, < 2.4.2	2.4.2
getkirby/cmsPackagist	>= 2.5, < 2.5.7	2.5.7

Affected products

Getkirby/Panel
cpe:2.3:a:getkirby:panel:*:*:*:*:*:*:*:*
Range: <2.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/144965/KirbyCMS-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB EntryWEB
www.exploit-db.com/exploits/43140/nvdExploitThird Party AdvisoryVDB Entry
github.com/advisories/GHSA-275c-v3rc-xghxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-16807ghsaADVISORY
getkirby.com/changelog/kirby-2-5-7nvdBroken LinkWEB
www.exploit-db.com/exploits/43140ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000