Kirby@3.7.0 Security Vulnerabilities and Issues — Kirby@3.7.0 CVE List

Lucene search

GetkirbyKirby3.7.0

10 matches found

CVE•added 2024/02/22 5:15 a.m.•4175 views

CVE-2024-26481

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.

4.7CVSS7.1AI score0.00098EPSS

CVE•added 2024/02/22 5:15 a.m.•3503 views

CVE-2024-26483

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

8.8CVSS7.5AI score0.00157EPSS

CVE•added 2023/07/27 4:15 p.m.•2578 views

CVE-2023-38492

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). The real-world impact of this vulnerability is limited, however we still rec...

7.5CVSS6.5AI score0.00098EPSS

CVE•added 2023/07/27 4:15 p.m.•2513 views

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content f...

5.7CVSS5.4AI score0.00148EPSS

CVE•added 2023/07/27 3:15 p.m.•2489 views

CVE-2023-38489

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser th...

7.3CVSS7.2AI score0.00155EPSS

CVE•added 2022/10/25 5:15 p.m.•105 views

CVE-2022-39315

Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does no...

6.5CVSS5.5AI score0.00135EPSS

CVE•added 2022/10/24 2:15 p.m.•96 views

CVE-2022-39314

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the auth.metho...

4.8CVSS4.3AI score0.00116EPSS

CVE•added 2023/07/27 3:15 p.m.•76 views

CVE-2023-38488

8.8CVSS7.9AI score0.0007EPSS

CVE•added 2023/07/27 3:15 p.m.•60 views

CVE-2023-38490

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse() method in site or plugin code. The Kirby core does not use any of t...

10CVSS8AI score0.18066EPSS

CVE•added 2024/08/29 5:15 p.m.•51 views

CVE-2024-41964

Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's fron...

8.1CVSS8AI score0.00238EPSS