Vendor CVEs
Getkirby
All CVEs
53 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16627 | 0.00 | — | 0.01 | Dec 20, 2018 | panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | |||
| CVE-2018-16628 | 0.00 | — | 0.01 | Dec 4, 2018 | panel/login in Kirby v2.5.12 allows XSS via a blog name. | |||
| CVE-2015-7773 | 0.00 | — | 0.01 | Nov 20, 2015 | Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension. |
- CVE-2018-16627Dec 20, 2018risk 0.00cvss —epss 0.01
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
- CVE-2018-16628Dec 4, 2018risk 0.00cvss —epss 0.01
panel/login in Kirby v2.5.12 allows XSS via a blog name.
- CVE-2015-7773Nov 20, 2015risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension.
Page 2 of 2