Lucene search
+L

5 matches found

OSV
OSV
added 2026/07/09 6:34 p.m.3 views

CVE-2026-54002 Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS5.8AI score0.00409EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/09 3:35 a.m.49 views

CVE-2026-42069 Kirby: Read access to site, user and role information is not gated by permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/04/24 12:23 a.m.3 views

CVE-2026-34587 Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...

7.6CVSS5.9AI score0.00334EPSS
Exploits0References5
NVD
NVD
added 2025/11/18 11:15 p.m.6 views

CVE-2025-65012

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...

5.4CVSS0.00179EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Kirby 代码问题漏洞

Kirby is a document-based content management system CMS. A security vulnerability exists in Kirby versions prior to 2.5.14 that stems from the fact that an editor with full access to the Kirby panel could upload a PHP .phar file and execute it on the server. No details of the vulnerability are...

9.1CVSS7.4AI score0.0147EPSS
Exploits0References7
Rows per page
Query Builder