Lucene search
GetkirbyKirby
3 matches found
CVE-2018-16627
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
6.1CVSS6.4AI score0.0024EPSS
CVE-2018-16630
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
4.8CVSS4.8AI score0.00235EPSS
CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name.
5.4CVSS5.1AI score0.00206EPSS