11 matches found
Cross-site Scripting (XSS)
getkirby/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-controlled fields such as page titles or usernames displayed in the "Changes" dialog, which allows an attacker to inject malicious code that executes when another authenticated user...
CVE-2025-65012
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Changes dialog. An attacker can execute arbitrary scripts in the context of another authenticated user's session by injecting malicious code into page titles or usernames, which is then triggered when...
CVE-2025-65012
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...
EUVD-2025-198062
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...
CVE-2025-65012 Kirby CMS has cross-site scripting (XSS) in the changes dialog
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...
CVE-2025-65012 Kirby CMS has cross-site scripting (XSS) in the changes dialog
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...
CVE-2025-65012
Kirby CMS 5.0.0–5.1.3 contains a cross-site scripting (XSS) vulnerability in the Changes dialog. An attacker with authenticated Panel user access can corrupt a page title or username with a malicious string, then modify related content fields; when another authenticated user opens the dialog, the...
CVE-2025-65012 Kirby CMS has cross-site scripting (XSS) in the changes dialog
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...
GHSA-84HF-8GH5-575J Kirby CMS has cross-site scripting (XSS) in the changes dialog
TL;DR This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. ---- Introductio...
Kirby CMS has cross-site scripting (XSS) in the changes dialog
TL;DR This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. ---- Introductio...