VYPR

Kirby

by Getkirby

CVEs (48)

  • CVE-2021-29460 (Apr 27, 2021)
    risk 0.00 | cvss | epss 0.03

    Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser…

  • CVE-2020-26255 (Dec 8, 2020)
    risk 0.00 | cvss | epss 0.01

    Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14, an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers…

  • CVE-2020-26253 (Dec 8, 2020)
    risk 0.00 | cvss | epss 0.01

    Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin…

  • CVE-2018-16623 (May 13, 2019)
    risk 0.00 | cvss | epss 0.01

    Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.

  • CVE-2018-16624 (May 13, 2019)
    risk 0.00 | cvss | epss 0.01

    panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.

  • CVE-2018-16627 (Dec 20, 2018)
    risk 0.00 | cvss | epss 0.01

    panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.

  • CVE-2018-16628 (Dec 4, 2018)
    risk 0.00 | cvss | epss 0.01

    panel/login in Kirby v2.5.12 allows XSS via a blog name.

  • CVE-2015-7773 (Nov 20, 2015)
    risk 0.00 | cvss | epss 0.01

    Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension.