Server side request forgery (ssrf)

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler e.g. Data::decode$string, 'xml' or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

CVE-2023-38490 Kirby XML External Entity (XXE) vulnerability in the XML data handler

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler e.g. Data::decode$string, 'xml' or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

CVE-2023-38490 Kirby XML External Entity (XXE) vulnerability in the XML data handler

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler e.g. Data::decode$string, 'xml' or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

PT-2023-26469 · Kirby · Kirby

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.3 Kirby versions prior to 3.6.6.3 Kirby versions prior to 3.7.5.2 Kirby versions prior to 3.8.4.1 Kirby versions prior to 3.9.6 Description: The issue affects all Kirby sites with user accounts, unless Kirby's AP...