Panel
by Getkirby
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16807 | Med | 0.38 | 5.4 | 0.02 | Nov 13, 2017 | A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. | ||
| CVE-2018-16630 | 0.00 | — | 0.01 | Dec 28, 2018 | Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | |||
| CVE-2018-16627 | 0.00 | — | 0.01 | Dec 20, 2018 | panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | |||
| CVE-2018-16628 | 0.00 | — | 0.01 | Dec 4, 2018 | panel/login in Kirby v2.5.12 allows XSS via a blog name. |
- risk 0.38cvss 5.4epss 0.02
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
- CVE-2018-16630Dec 28, 2018risk 0.00cvss —epss 0.01
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
- CVE-2018-16627Dec 20, 2018risk 0.00cvss —epss 0.01
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
- CVE-2018-16628Dec 4, 2018risk 0.00cvss —epss 0.01
panel/login in Kirby v2.5.12 allows XSS via a blog name.