CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-35174

A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.3%

CVSS Severity

CVSS v3 Score 5.4

References

https://owasp.org/www-community/attacks/xss/
https://www.youtube.com/watch?v=0lngc_zPTSg
https://owasp.org/www-community/attacks/xss/
https://www.youtube.com/watch?v=0lngc_zPTSg

Products affected by CVE-2022-35174

Getkirby » Starterkit » Version: 3.7.0.2

cpe:2.3:a:getkirby:starterkit:3.7.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-35174

Products

Pricing

Contact Us