Kirby
by Getkirby
CVEs (48)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-29460 | 0.00 | — | 0.03 | Apr 27, 2021 | Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser… |
| CVE-2020-26255 | 0.00 | — | 0.01 | Dec 8, 2020 | Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14, an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers… |
| CVE-2020-26253 | 0.00 | — | 0.01 | Dec 8, 2020 | Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin… |
| CVE-2018-16623 | 0.00 | — | 0.01 | May 13, 2019 | Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. |
| CVE-2018-16624 | 0.00 | — | 0.01 | May 13, 2019 | panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. |
| CVE-2018-16627 | 0.00 | — | 0.01 | Dec 20, 2018 | panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. |
| CVE-2018-16628 | 0.00 | — | 0.01 | Dec 4, 2018 | panel/login in Kirby v2.5.12 allows XSS via a blog name. |
| CVE-2015-7773 | 0.00 | — | 0.01 | Nov 20, 2015 | Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension. |
Page 3 of 3