7 matches found

OSV
added 2026/05/04 7:59 p.m. · 4 views

GHSA-X68M-C7JF-2572 Kirby CMS's system API endpoint leaks installed version and license data to authenticated users

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. ---- Introduction Missing authorization allows authenticated users to perform actions they are not intended to have access to. The effects of missing authorization can...

CVSS 5.3 · AI score 5.8 · EPSS 0.00193
Exploits: 0 · References: 5
Positive Technologies
added 2026/05/04 12:0 a.m. · 6 views

PT-2026-37164

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description Missing authorization in the system API endpoint allows authenticated users to access sensitive information. Specifically, the '/api/system' endpoint leaks the installed...

CVSS 5.3 · AI score 5.8 · EPSS 0.00193
Exploits: 0 · References: 10
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-2182

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.2 · EPSS 0.00559
Exploits: 1 · References: 3
RedhatCVE
added 2025/05/22 7:41 a.m. · 5 views

CVE-2018-16624

panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page...

CVSS 5.4 · AI score 5.8 · EPSS 0.00696
Exploits: 1 · References: 1
Positive Technologies
added 2022/08/24 12:0 a.m. · 4 views

PT-2022-8036 · Kirby · Kirby

Name of the Vulnerable Software and Affected Versions: Kirby version 2.5.12 Description: The issue allows malicious HTTP requests to be sent, which can trick a user into adding web pages. Recommendations: For Kirby version 2.5.12, at the moment, there is no information about a newer version that...

CVSS 5.4 · AI score 5.3 · EPSS 0.0054
Exploits: 1 · References: 9
CNNVD
added 2022/08/24 12:0 a.m. · 3 views

Kirby cross-site request forgery vulnerability

Kirby is a file-based content management system (CMS). A security vulnerability exists in Kirby version 2.5.12, which can be exploited to force the deletion of a user's page by a remote attacker who can craft a malicious CSRF page that utilizes its "delete" page feature...

CVSS 4.3 · AI score 5.6 · EPSS 0.00392
Exploits: 1 · References: 3
NVD
added 2018/12/28 5:29 p.m. · 20 views

CVE-2018-16630

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file...

CVSS 4.8 · AI score 4.9 · EPSS 0.00559
Exploits: 1 · References: 1