Kirby Security Vulnerabilities and Issues — Kirby CVE List

Lucene search

GetkirbyKirby

5 matches found

CVE•added 2024/02/22 5:15 a.m.•4173 views

CVE-2024-26481

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.

4.7CVSS7.1AI score0.00098EPSS

CVE•added 2022/10/24 2:15 p.m.•95 views

CVE-2022-39314

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the auth.metho...

4.8CVSS4.3AI score0.00109EPSS

CVE•added 2022/08/24 8:15 p.m.•36 views

CVE-2018-14519

An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.

4.3CVSS4.5AI score0.00064EPSS

CVE•added 2019/05/13 1:29 p.m.•36 views

CVE-2018-16623

Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.

4.8CVSS4.8AI score0.00235EPSS

CVE•added 2018/12/28 5:29 p.m.•35 views

CVE-2018-16630

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.

4.8CVSS4.8AI score0.00235EPSS