Lucene search

K

13 matches found

CVE
CVE
added 2024/02/22 5:15 a.m.4175 views

CVE-2024-26481

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.

4.7CVSS7.1AI score0.00098EPSS
CVE
CVE
added 2024/02/22 5:15 a.m.3503 views

CVE-2024-26483

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

8.8CVSS7.5AI score0.00157EPSS
CVE
CVE
added 2022/08/29 6:15 p.m.490 views

CVE-2022-36037

kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Pane...

5.9CVSS5.5AI score0.00627EPSS
CVE
CVE
added 2021/04/27 8:15 p.m.115 views

CVE-2021-29460

Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like [removed] tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in ...

7.6CVSS5.7AI score0.0112EPSS
Web
CVE
CVE
added 2022/10/25 5:15 p.m.105 views

CVE-2022-39315

Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does no...

6.5CVSS5.5AI score0.00135EPSS
CVE
CVE
added 2022/10/24 2:15 p.m.96 views

CVE-2022-39314

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the auth.metho...

4.8CVSS4.3AI score0.00116EPSS
CVE
CVE
added 2020/12/08 2:15 a.m.70 views

CVE-2020-26253

Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

6.8CVSS5.6AI score0.00161EPSS
CVE
CVE
added 2021/07/02 3:15 p.m.60 views

CVE-2021-32735

Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can es...

7.1CVSS5.4AI score0.00217EPSS
CVE
CVE
added 2020/12/08 3:15 p.m.52 views

CVE-2020-26255

Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of aut...

9.1CVSS8.2AI score0.01108EPSS
CVE
CVE
added 2024/08/29 5:15 p.m.51 views

CVE-2024-41964

Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's fron...

8.1CVSS8AI score0.00238EPSS
CVE
CVE
added 2025/05/13 4:15 p.m.38 views

CVE-2025-30207

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or C...

7.5CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2025/05/13 3:15 p.m.32 views

CVE-2025-30159

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the snippet() helper or $kirby->snippet() method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites ...

9.1CVSS7.1AI score0.00124EPSS
CVE
CVE
added 2025/05/13 4:15 p.m.30 views

CVE-2025-31493

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection() helper or $kirby->collection() method with a dynamic collection name (such as a collection name that depends on request or user d...

9.1CVSS6.5AI score0.00093EPSS