Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist getkirby/cms Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH
Kirby vulnerable to unrestricted file upload of user avatar images
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xdjR4LXYydjQtZjhwOc4AA5cm
Kirby CMS HTML injection vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS14NW1yLXA2djQtd3A5M84AA08O
Field injection in the KirbyData text storage handler
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 9 months ago
High
GSA_kwCzR0hTQS01bXZqLXJ2cDgtcmY0Nc4AA08N
Insufficient Session Expiration after a password change
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1xMzg2LXc2ZmctZ21ncM4AA08M
XML External Entity (XXE) vulnerability in the XML data handler
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04ZnY3LXdxMzgtZjVjOc4AA08L
Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0zdjZqLXYzcWMtY3hmZs4AA08K
Denial of service from unlimited password lengths
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1jMjdqLTc2eGctNng0Zs4AAvas
Kirby CMS vulnerable to user enumeration in the brute force protection
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00M3FxLXF3NHgtMjhmOM4AAvar
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ydjNyLXZxamotOGM3Ns4AAui4
Cross-site scripting from content entered in the tags and multiselect fields
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zZjg5LTg2OWYtNXc3Ns4AAug3
Cross-site scripting from dynamic options in the multiselect field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oM3cyLXFnMnItYzdtZs4AAubL
Kirby CMS 2.5.12 Cross-site Scripting
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jN3gyLTdoOHItanE0bc4AAuav
Kirby CMS 2.5.12 Cross-site Request Forgery
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNzVjLXYzcmMteGdoeM4AATSi
Kirby XSS Vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcTU4LXI3N2MtNWpqd80XQA
Cross-site scripting (XSS) from image block content in the site frontend
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14N2o3LXFwN2otaHczcc0XPw
Cross-site scripting (XSS) from writer field content in the site frontend
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmMnctMzQ5eC12cnFt
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFncDQtNXF4Ni01NDhn
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2
Kirby .dev domains and some reverse proxy setups were treated as local
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczaDgtY2c5eC00N3F3
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 3 years ago
Statistics
Advisories: 18,143
Packages: 8,242
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 7,818 High 6,288 Critical 2,787 Low 966
Filter by Ecosystem
maven 5,518 packagist 3,782 pypi 3,552 npm 3,530 go 1,879 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
moodle/moodle 318 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 microweber/microweber 91 phpmyadmin/phpmyadmin 91 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 drupal/drupal 56 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 28 centreon/centreon 27 shopware/shopware 27 getgrav/grav 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 contao/contao 18 tribalsystems/zenario 18 forkcms/forkcms 18 cakephp/cakephp 17 symfony/security 17 genix/cms 17 cockpit-hq/cockpit 17 francoisjacquet/rosariosis 17 simplesamlphp/simplesamlphp 17 yetiforce/yetiforce-crm 16 topthink/framework 15 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 zendframework/zendframework1 14 ezsystems/ezpublish-kernel 14 ec-cube/ec-cube 14 phpmailer/phpmailer 14 smarty/smarty 14 elefant/cms 13 codeigniter4/framework 13 impresscms/impresscms 13 october/system 13 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 dompdf/dompdf 12 bolt/bolt 12 phpbb/phpbb 12 lavalite/cms 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 opencart/opencart 10 pagekit/pagekit 10 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 sylius/sylius 10 wwbn/avideo 10 nukeviet/nukeviet 10 laravel/framework 10 TinyMCE 9 tinymce 9 tinymce/tinymce 9 alextselegidis/easyappointments 9 concrete5/core 9 kevinpapst/kimai2 9 october/october 9 ssddanbrown/bookstack 9 funadmin/funadmin 9 gilacms/gila 8 sulu/sulu 8 codiad/codiad 8 yiisoft/yii2 8 october/cms 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 croogo/croogo 8 flarum/core 7 statamic/cms 7 symfony/http-foundation 7 silverstripe/graphql 7 silverstripe/admin 7 october/backend 7 symfony/http-kernel 6 composer/composer 6 yiisoft/yii2-dev 6 zoujingli/thinkadmin 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 directmailteam/direct-mail 6 wpglobus/wpglobus 6 pterodactyl/panel 6 nystudio107/craft-seomatic 6 dweeves/magmi 6 contao/core 6 yourls/yourls 6 in2code/femanager 6 backdrop/backdrop 6 automad/automad 5 elgg/elgg 5 symfony/security-core 5 cachethq/cachet 5 gleez/cms 5 phpseclib/phpseclib 5 simplesamlphp/saml2 5 vrana/adminer 5 ezsystems/ezplatform-admin-ui 5 silverstripe/assets 5 thinkcmf/thinkcmf 5 phpxmlrpc/phpxmlrpc 5 billz/raspap-webgui 5 typo3/cms-install 5 oro/platform 5 anchorcms/anchor-cms 5 bottelet/flarepoint 5 pear/archive_tar 5 gugoan/economizzer 5 ibexa/core 5 oro/commerce 4 bytefury/crater 4 modx/revolution 4 appwrite/server-ce 4 evolutioncms/evolution 4 notrinos/notrinos-erp 4 shopware/storefront 4 phpservermon/phpservermon 4 wp-premium/gravityforms 4 pyrocms/pyrocms 4 magento/product-community-edition 4 bref/bref 4 typo3/cms-frontend 4 codeigniter4/shield 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 spatie/browsershot 4 typo3/html-sanitizer 4 symfony/security-bundle 4 joomla/joomla-cms 3 prestashop/productcomments 3 processwire/processwire 3 quickapps/cms 3 mantisbt/mantisbt 3 phpoffice/phpspreadsheet 3 ckeditor4 3 joomla/framework 3 codeigniter/framework 3 symfony/form 3 illuminate/database 3 zencart/zencart 3 typo3/cms-form 3 qcubed/qcubed 3 verbb/comments 3 icecoder/icecoder 3 yiisoft/yii 3 flarum/framework 3 shopxo/shopxo 3 rudloff/alltube 3 enshrined/svg-sanitize 3 enhavo/enhavo-app 3 phenx/php-svg-lib 3 facade/ignition 3 tecnickcom/tcpdf 3 artesaos/seotools 3 sylius/resource-bundle 3 ezsystems/ezpublish-legacy 3 buddypress/buddypress 3 bbpress/bbpress 3 adodb/adodb-php 3 kimai/kimai 3 froala/wysiwyg-editor 3 limesurvey/limesurvey 3 apache-solr-for-typo3/solr 3 verot/class.upload.php 3 zendframework/zendopenid 3 zendframework/zendrest 3 zendframework/zendservice-audioscrobbler 3 uvdesk/community-skeleton 3 zendframework/zendservice-nirvanix 3 zendframework/zendservice-amazon 3 zendframework/zendservice-api 3 zendframework/zendservice-slideshare 3
Filter by Repository
https://github.com/getkirby/kirby 18