Information disclosure

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file e.g. via a...

Cross site scripting

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...