GSA_kwCzR0hTQS00bTJnLTY2OHYtandqeM4AAuGj

Moderate EPSS: 0.00251% (0.48415 Percentile) EPSS:

Permalink JSON

Cross site scripting in getkirby/starterkit

Affected Packages	Affected Versions	Fixed Versions
packagist:getkirby/starterkit	<= 3.7.0.2	No known fixed version
0 Dependent packages 0 Dependent repositories 8,770 Downloads total Affected Version Ranges All affected versions

A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-35174
https://owasp.org/www-community/attacks/xss/
https://www.youtube.com/watch?v=0lngc_zPTSg
https://github.com/advisories/GHSA-4m2g-668v-jwjx

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS00bTJnLTY2OHYtandqeM4AAuGj

Cross site scripting in getkirby/starterkit

Affected Version Ranges

All affected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API