Lucene search
K

19 matches found

CVE
CVE
added 2 days ago21 views

CVE-2026-54003

Summary of CVE-2026-54003 (Kirby CMS) : Affected Kirby installations with no configured user accounts, running behind a reverse proxy that sets Forwarded, X-Client-IP, or X-Real-IP headers could allow remote attackers to install the Panel and create the first admin user. This occurs on releases p...

9.1CVSS6AI score0.00545EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/18 3:4 p.m.12 views

Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

TL;DR This vulnerability affects Kirby sites that have no configured user accounts and are running on publicly accessible servers behind a reverse proxy that sets the Forwarded: for=..., X-Client-IP, or X-Real-IP request header. It was possible to install the Panel = create the first admin user i...

9.1CVSS5.6AI score0.00545EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50724

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description An external initialization issue exists in the Kirby Panel and REST API. This occurs when a site has no configured user accounts and is hosted on a publicly accessible...

9.1CVSS5.9AI score0.00545EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44153

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

5.3CVSS5.6AI score0.00033EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-1926

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.02422EPSS
Exploits5References6
OSV
OSV
added 2022/05/14 12:55 a.m.18 views

GHSA-275C-V3RC-XGHX Kirby XSS Vulnerability

A cross-site Scripting XSS vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...

5.4CVSS5AI score0.02422EPSS
Exploits5References4
Github Security Blog
Github Security Blog
added 2022/05/14 12:55 a.m.24 views

Kirby XSS Vulnerability

A cross-site Scripting XSS vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...

5.4CVSS5.9AI score0.02422EPSS
Exploits5References5Affected Software1
OSV
OSV
added 2020/12/08 3:15 p.m.23 views

CVE-2020-26255

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of...

9.1CVSS9.4AI score
Exploits0References6
OSV
OSV
added 2020/12/08 2:42 p.m.15 views

GHSA-G3H8-CG9X-47QW Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5

Impact An editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors...

6.8CVSS9.5AI score0.0147EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2020/12/08 2:42 p.m.46 views

Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5

Impact An editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors...

9.1CVSS1.7AI score0.0147EPSS
Exploits0References8Affected Software2
CNNVD
CNNVD
added 2020/12/07 12:0 a.m.8 views

Kirby Access Control Error Vulnerability

Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby CMS versions prior to 3.3.6 and Kirby Panel versions prior to 2.5.14, which stems from the fact that the admin panel may be accessible if hosted in a .dev domain. To protect new installations on public...

6.8CVSS6.6AI score0.00561EPSS
Exploits0References6
CNVD
CNVD
added 2017/11/15 12:0 a.m.4 views

Kirby Panel Cross-Site Scripting Vulnerability

Kirby is a file-based CMS Content Management System system. panel is one of the control panel components. A cross-site scripting vulnerability exists in Kirby Panel versions prior to 2.3.3, 2.4.x versions prior to 2.4.2 and 2.5.x versions prior to 2.5.7. A remote attacker can exploit this...

5.4CVSS6.1AI score0.02422EPSS
Exploits5References1
NVD
NVD
added 2017/11/13 9:29 p.m.24 views

CVE-2017-16807

A cross-site Scripting XSS vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...

5.4CVSS5.2AI score0.02422EPSS
Exploits5References3
Prion
Prion
added 2017/11/13 9:29 p.m.18 views

Cross site scripting

A cross-site Scripting XSS vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...

3.5CVSS5.1AI score0.02422EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2017/11/13 9:29 p.m.19 views

CVE-2017-16807

A cross-site Scripting XSS vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...

5.4CVSS5.7AI score
Exploits0References3
CVE
CVE
added 2017/11/13 9:0 p.m.66 views

CVE-2017-16807

The CVE-2017-16807 entry describes a cross-site scripting (XSS) vulnerability in Kirby Panel when displaying a specially crafted SVG uploaded as a content file. Affected software includes Kirby Panel versions before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7. The root cause is improper han...

5.4CVSS5AI score0.02422EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2017/11/13 9:0 p.m.22 views

CVE-2017-16807

A cross-site Scripting XSS vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file...

5.1AI score0.02422EPSS
Exploits5References3
exploitpack
exploitpack
added 2017/11/13 12:0 a.m.65 views

Kirby CMS 2.5.7 - Cross-Site Scripting

Kirby CMS 2.5.7 - Cross-Site Scripting Exploit Title: KirbyCMS 2.5.7 Stored Cross Site Scripting Vendor Homepage: https://getkirby.com/ Software Link: https://getkirby.com/try Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince...

3.5CVSS0.02422EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/11/13 12:0 a.m.44 views

Kirby CMS < 2.5.7 - Cross-Site Scripting

Exploit Title: KirbyCMS 2.5.7 Stored Cross Site Scripting Vendor Homepage: https://getkirby.com/ Software Link: https://getkirby.com/try Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform: PHP CVE:...

5.4CVSS5.5AI score0.02422EPSS
Exploits5
Rows per page
Query Builder