CVE-2017-16807: XSS
First published: Mon Nov 13 2017(Updated: )
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/getkirby/cms | >=2.5<2.5.7 | 2.5.7 |
| composer/getkirby/cms | >=2.4<2.4.2 | 2.4.2 |
| composer/getkirby/cms | <2.3.3 | 2.3.3 |
| Getkirby Panel | <2.3.3 | |
| Getkirby Panel | >=2.4.0<2.4.2 | |
| Getkirby Panel | >=2.5.0<2.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/github-advisory
- alias/GHSA-275c-v3rc-xghx
- alias/CVE-2017-16807
- collector/github-advisory-latest
- collector/nvd-index
- collector/nvd-cve
- package-manager/composer
- vendor/getkirby
- canonical/getkirby panel
- version/getkirby panel/2.4.0
- version/getkirby panel/2.5.0