Lucene search
K

5 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-54002

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS0.00409EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/24 2:51 a.m.4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Option::render and Options::factory code paths in the Option, Options, OptionsApi, and OptionsQuery classes. An attacker can inject template/query syntax into...

8.6CVSS5.4AI score0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions prior to Kirby 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from improper handling of CDATA blocks by the Xml::value method, which may allow structured data outside of valid CDATA blocks...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 10:44 p.m.14 views

CVE-2025-65012

Kirby CMS 5.0.0–5.1.3 contains a cross-site scripting (XSS) vulnerability in the Changes dialog. An attacker with authenticated Panel user access can corrupt a page title or username with a malicious string, then modify related content fields; when another authenticated user opens the dialog, the...

5.4CVSS6.5AI score0.00159EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47416

Name of the Vulnerable Software and Affected Versions Kirby versions 5.0.0 through 5.1.3 Description Kirby is a content management system. Attackers could modify the title of any page or the name of any user to a malicious string. Subsequently, they could alter any content field of the same model...

5.1CVSS6.1AI score0.00159EPSS
Exploits0References6
Rows per page
Query Builder