Getkirby: Security Vulnerabilities
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-28
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-20
panel/login in Kirby v2.5.12 allows XSS via a blog name.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-12-04
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-11-13
Page 4