3 matches found
GHSA-8FV7-WQ38-F5C9 Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Your Kirby sites are not affected if they don't allow file uploads for untrusted users ...
Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Your Kirby sites are not affected if they don't allow file uploads for untrusted users ...
Denial of service from unlimited password lengths
TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities...