Kirby .dev domains and some reverse proxy setups were treated as local

Impact About our registration block In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the 1 ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or 2...