7 matches found
CVE-2021-29460
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2021-29460
creationtimestamp| type| source ---|---|--- 2021-04-28 14:05:12+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/276...
Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...
Kirby CMS 3.5.3.1 - (file) Cross-Site Scripting Vulnerability
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host: User-Agent:...
Kirby CMS 3.5.3.1 Cross Site Scripting
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...
CVE-2021-29460
Summary of CVE-2021-29460 : Kirby, an open‑source CMS, is vulnerable to cross‑site scripting via unsanitized SVG uploads. An editor with write access to the Kirby Panel can upload an SVG file containing harmful content (for example, script tags). If a victim opens such a link while logged into Ki...