3 matches found
CVE-2021-32735
Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component used in the pages and files section for example displayed HTML in page titles as it is. This could be used for cross-site scripting XSS attacks. Malicious authenticated Panel users can...
CVE-2021-32735 Cross-site scripting (XSS) from field and configuration text displayed in the Panel
Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component used in the pages and files section for example displayed HTML in page titles as it is. This could be used for cross-site scripting XSS attacks. Malicious authenticated Panel users can...
CVE-2021-32735
Kirby CMS vulnerability CVE-2021-32735 affects Kirby 3.5.5 and 3.5.6 where the Panel’s ListItem component displayed HTML in page titles (and related fields) as-is, enabling cross-site scripting (XSS). Exploitation could enable malicious authenticated Panel users to escalate privileges if they gai...