2 matches found
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
TL;DR This vulnerability affects Kirby sites that use the URL field in any blueprint. A successful attack commonly requires knowledge of the content structure by the attacker as well as social engineering of a user with access to the Panel. The attack cannot be automated. The vulnerability is als...
Kirby vulnerable to unrestricted file upload of user avatar images
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. The attack requires user interaction by another user or visitor and cannot be automated. ---- Introduction Unrestricted upload of files with a dangerous type is a type o...