CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
62.0%
getkirby/cms is vulnerable to Improper Neutralization. The vulnerability exists in the decode
function at Txt.php
due to a field injection bug in the content storage implementation which allows an attacker to inject malicious data or code.
github.com/getkirby/kirby/commit/5071a12d169be0141d8e5f40a1a9a2113d3ae09c
github.com/getkirby/kirby/commit/a06265450f0dea65af5622e5f022b0e28557dfd3
github.com/getkirby/kirby/commit/a1e0f81c799ddae1af91cf37216f8ded9cb93540
github.com/getkirby/kirby/commit/d01f7e24debd62062db7556dda3726bf8e123370
github.com/getkirby/kirby/commit/f43983c1e413ba33cb3d6f0d111a13264c8c8077
github.com/getkirby/kirby/releases/tag/3.5.8.3
github.com/getkirby/kirby/releases/tag/3.6.6.3
github.com/getkirby/kirby/releases/tag/3.7.5.2
github.com/getkirby/kirby/releases/tag/3.8.4.1
github.com/getkirby/kirby/releases/tag/3.9.6
github.com/getkirby/kirby/security/advisories/GHSA-x5mr-p6v4-wp93