VYPR

Panel

by Getkirby

Source repositories

CVEs (4)

  • CVE-2017-16807MedNov 13, 2017
    risk 0.38cvss 5.4epss 0.02

    A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.

  • CVE-2018-16630Dec 28, 2018
    risk 0.00cvss epss 0.01

    Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.

  • CVE-2018-16627Dec 20, 2018
    risk 0.00cvss epss 0.01

    panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.

  • CVE-2018-16628Dec 4, 2018
    risk 0.00cvss epss 0.01

    panel/login in Kirby v2.5.12 allows XSS via a blog name.