Kirby Security Vulnerabilities and Issues — Kirby CVE List

Lucene search

GetkirbyKirby

4 matches found

CVE•added 2024/02/22 5:15 a.m.•4173 views

CVE-2024-26481

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.

4.7CVSS7.1AI score0.00098EPSS

CVE•added 2024/02/22 5:15 a.m.•3501 views

CVE-2024-26483

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

8.8CVSS7.5AI score0.00206EPSS

CVE•added 2024/02/22 5:15 a.m.•1399 views

CVE-2024-26484

A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...

6.1CVSS5.5AI score0.0009EPSS

CVE•added 2024/02/26 5:15 p.m.•102 views

CVE-2024-27087

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the ...

5.4CVSS5.1AI score0.00781EPSS