Getkirby

Kirby

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2024-26481

Exploit
  • EPSS 0.1%
  • Veröffentlicht 22.02.2024 05:15:09
  • Zuletzt bearbeitet 08.04.2025 14:14:12

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.

7.5

CVE-2023-38492

  • EPSS 0.1%
  • Veröffentlicht 27.07.2023 16:15:11
  • Zuletzt bearbeitet 21.11.2024 08:13:41

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). The real-world impact of th...

5.4

CVE-2023-38491

  • EPSS 0.15%
  • Veröffentlicht 27.07.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:13:40

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visi...

10

CVE-2023-38490

  • EPSS 18.07%
  • Veröffentlicht 27.07.2023 15:15:12
  • Zuletzt bearbeitet 21.11.2024 08:13:40

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in si...

7.3

CVE-2023-38489

  • EPSS 0.16%
  • Veröffentlicht 27.07.2023 15:15:12
  • Zuletzt bearbeitet 21.11.2024 08:13:40

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a ...

8.8

CVE-2023-38488

  • EPSS 0.07%
  • Veröffentlicht 27.07.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:13:40

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visi...

5.3

CVE-2022-39315

  • EPSS 0.44%
  • Veröffentlicht 25.10.2022 17:15:55
  • Zuletzt bearbeitet 21.11.2024 07:18:01

Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploite...

3.7

CVE-2022-39314

  • EPSS 0.19%
  • Veröffentlicht 24.10.2022 14:15:51
  • Zuletzt bearbeitet 30.01.2026 20:16:35

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code...

5.4

CVE-2022-36037

  • EPSS 0.6%
  • Veröffentlicht 29.08.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 07:12:14

kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Pane...

5.4

CVE-2018-14520

Exploit
  • EPSS 0.23%
  • Veröffentlicht 24.08.2022 20:15:08
  • Zuletzt bearbeitet 17.06.2025 20:15:23

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.