Filter
composer/getkirby/cmsInsufficient permission checks in the language settings in Kirby CMS
8.1
First published (updated )
Getkirby KirbyKirby vulnerable to denial of service from unlimited password lengths
7.5
First published (updated )
composer/getkirby/cmsKirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
5.7
First published (updated )
Getkirby KirbyKirby XML External Entity (XXE) vulnerability in the XML data handler
10
First published (updated )
Getkirby KirbyKirby vulnerable to Insufficient Session Expiration after a password change
7.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/getkirby/cmsKirby vulnerable to field injection in the KirbyData text storage handler
8.8
First published (updated )
Getkirby Webmentionsbastianallgeier Kirby Webmentions Plugin injection
9.8
First published (updated )
Getkirby KirbyKirby CMS vulnerable to user enumeration in the brute force protection
6.5
First published (updated )
Getkirby KirbyUser enumeration in the code-based login and password reset forms
4.8
First published (updated )
Getkirby KirbyCross-site scripting (XSS) from dynamic options in the multiselect field in Kirby
5.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Getkirby KirbyCross-site scripting (XSS) from image block content in the site frontend
7.3
First published (updated )
Getkirby KirbyCross-site scripting (XSS) from writer field content in the site frontend
7.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Getkirby KirbyCross-site scripting (XSS) from field and configuration text displayed in the Panel
7.1
First published (updated )
Getkirby KirbyCross-site scripting (XSS) from unsanitized uploaded SVG files
7.6
First published (updated )
Getkirby KirbyPHP Phar archives could be uploaded and executed in Kirby
9.1
First published (updated )
Getkirby Kirby.dev domains treated as local in Kirby
6.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Getkirby Kirbypanel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.