Kirby@2.5.12 Security Vulnerabilities and Issues — Kirby@2.5.12 CVE List

Lucene search

GetkirbyKirby2.5.12

7 matches found

CVE•added 2018/12/20 11:29 p.m.•41 views

CVE-2018-16627

panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.

6.1CVSS6.4AI score0.0024EPSS

CVE•added 2022/08/24 8:15 p.m.•36 views

CVE-2018-14519

An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.

4.3CVSS4.5AI score0.00064EPSS

CVE•added 2019/05/13 1:29 p.m.•36 views

CVE-2018-16623

Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.

4.8CVSS4.8AI score0.00235EPSS

CVE•added 2019/05/13 1:29 p.m.•36 views

CVE-2018-16624

panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2022/08/24 8:15 p.m.•35 views

CVE-2018-14520

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.

5.4CVSS5.3AI score0.00098EPSS

CVE•added 2018/12/28 5:29 p.m.•35 views

CVE-2018-16630

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.

4.8CVSS4.8AI score0.00235EPSS

CVE•added 2018/12/04 4:29 p.m.•32 views

CVE-2018-16628

panel/login in Kirby v2.5.12 allows XSS via a blog name.

5.4CVSS5.1AI score0.00206EPSS