EPSS
Percentile
24.8%
getkirby/kirby is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victims browser via the Title of the βSite optionsβ in the admin panel dashboard dropdown.
github.com/security-breachlock/CVE-2018-16623/blob/master/CVE-2018-16623.pdf