Filtered by vendor Getkirby
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16623 | 1 Getkirby | 1 Kirby | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. | |||||
CVE-2018-16630 | 1 Getkirby | 1 Kirby | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | |||||
CVE-2018-16628 | 1 Getkirby | 1 Kirby | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
panel/login in Kirby v2.5.12 allows XSS via a blog name. | |||||
CVE-2018-16627 | 1 Getkirby | 1 Kirby | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | |||||
CVE-2017-16807 | 1 Getkirby | 1 Panel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. |