Kirby@3.5.0 Security Vulnerabilities and Issues — Kirby@3.5.0 CVE List

Lucene search

GetkirbyKirby3.5.0

7 matches found

CVE•added 2023/07/27 4:15 p.m.•2578 views

CVE-2023-38492

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). The real-world impact of this vulnerability is limited, however we still rec...

7.5CVSS6.5AI score0.00098EPSS

CVE•added 2023/07/27 4:15 p.m.•2513 views

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content f...

5.7CVSS5.4AI score0.00148EPSS

CVE•added 2023/07/27 3:15 p.m.•2489 views

CVE-2023-38489

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser th...

7.3CVSS7.2AI score0.00155EPSS

CVE•added 2023/07/27 3:15 p.m.•76 views

CVE-2023-38488

8.8CVSS7.9AI score0.0007EPSS

CVE•added 2023/07/27 3:15 p.m.•60 views

CVE-2023-38490

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse() method in site or plugin code. The Kirby core does not use any of t...

10CVSS8AI score0.18066EPSS

CVE•added 2021/11/16 6:15 p.m.•52 views

CVE-2021-41258

Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML special characters to protect against cross-sit...

7.3CVSS5.3AI score0.00382EPSS

CVE•added 2021/11/16 6:15 p.m.•49 views

CVE-2021-41252

Kirby is an open source file structured CMS ### Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user ...

7.3CVSS5.4AI score0.00328EPSS