Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist getkirby/cms Security Advisories

Browse all Security Advisories for packagist getkirby/cms

Loading...
High
GSA_kwCzR0hTQS1qbTltLXJxcjMtd2ZtaM4AA_Bw
Kirby has insufficient permission checks in the language settings
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH
Kirby vulnerable to unrestricted file upload of user avatar images
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 9 months ago
High
GSA_kwCzR0hTQS14NW1yLXA2djQtd3A5M84AA08O
Field injection in the KirbyData text storage handler
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS01bXZqLXJ2cDgtcmY0Nc4AA08N
Insufficient Session Expiration after a password change
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xMzg2LXc2ZmctZ21ncM4AA08M
XML External Entity (XXE) vulnerability in the XML data handler
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04ZnY3LXdxMzgtZjVjOc4AA08L
Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zdjZqLXYzcWMtY3hmZs4AA08K
Denial of service from unlimited password lengths
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jMjdqLTc2eGctNng0Zs4AAvas
Kirby CMS vulnerable to user enumeration in the brute force protection
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00M3FxLXF3NHgtMjhmOM4AAvar
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ydjNyLXZxamotOGM3Ns4AAui4
Cross-site scripting from content entered in the tags and multiselect fields
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zZjg5LTg2OWYtNXc3Ns4AAug3
Cross-site scripting from dynamic options in the multiselect field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jN3gyLTdoOHItanE0bc4AAuav
Kirby CMS 2.5.12 Cross-site Request Forgery
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oM3cyLXFnMnItYzdtZs4AAubL
Kirby CMS 2.5.12 Cross-site Scripting
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNzVjLXYzcmMteGdoeM4AATSi
Kirby XSS Vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcTU4LXI3N2MtNWpqd80XQA
Cross-site scripting (XSS) from image block content in the site frontend
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS14N2o3LXFwN2otaHczcc0XPw
Cross-site scripting (XSS) from writer field content in the site frontend
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmMnctMzQ5eC12cnFt
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFncDQtNXF4Ni01NDhn
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2
Kirby .dev domains and some reverse proxy setups were treated as local
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczaDgtY2c5eC00N3F3
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 4 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 nilsteampassnet/teampass 37 mautic/core 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 contao/core-bundle 24 magento/core 24 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 zendframework/zendframework 23 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 getkirby/cms 22 tribalsystems/zenario 22 funadmin/funadmin 20 laravel/framework 20 contao/contao 19 forkcms/forkcms 18 cockpit-hq/cockpit 18 topthink/framework 18 genix/cms 17 opencart/opencart 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 symfony/security 17 openmage/magento-lts 16 typo3/cms-backend 16 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 symfony/security-http 15 ec-cube/ec-cube 15 smarty/smarty 15 october/system 15 feehi/cms 14 silverstripe/cms 14 bolt/bolt 14 dompdf/dompdf 14 phpmailer/phpmailer 14 pimcore/admin-ui-classic-bundle 13 admidio/admidio 13 sylius/sylius 13 studio-42/elfinder 13 impresscms/impresscms 13 lavalite/cms 13 codeigniter4/framework 13 elefant/cms 13 symfony/http-foundation 12 phpoffice/phpspreadsheet 12 wwbn/avideo 12 phpmyfaq/phpmyfaq 12 ezsystems/ezplatform-kernel 11 tinymce 11 wallabag/wallabag 11 TinyMCE 11 tinymce/tinymce 11 nukeviet/nukeviet 11 pagekit/pagekit 11 feehi/feehicms 11 sulu/sulu 10 ezsystems/ezpublish-legacy 10 yiisoft/yii2 10 ssddanbrown/bookstack 10 october/october 10 twbs/bootstrap 9 statamic/cms 9 alextselegidis/easyappointments 9 bootstrap 9 contao/core 9 org.webjars:bootstrap 9 concrete5/core 9 bootstrap 9 kevinpapst/kimai2 9 bootstrap 9 croogo/croogo 8 silverstripe/admin 8 gilacms/gila 8 mantisbt/mantisbt 8 codiad/codiad 8 october/cms 8 ezsystems/ezplatform-admin-ui 8 pterodactyl/panel 8 facturascripts/facturascripts 8 silverstripe/graphql 8 twig/twig 8 pimcore/customer-management-framework-bundle 8 composer/composer 8 wpglobus/wpglobus 7 symfony/http-kernel 7 october/backend 7 billz/raspap-webgui 7 passbolt/passbolt_api 7 backdrop/backdrop 7 flarum/core 7 bootstrap.sass 7 bootstrap-sass 7 phpseclib/phpseclib 6 vrana/adminer 6 yourls/yourls 6 pear/archive_tar 6 guzzlehttp/guzzle 6 directmailteam/direct-mail 6 bagisto/bagisto 6 in2code/femanager 6 dweeves/magmi 6 gleez/cms 6 oro/platform 6 icecoder/icecoder 6 zoujingli/thinkadmin 6 yiisoft/yii2-dev 6 nystudio107/craft-seomatic 6 typo3/flow 5 thinkcmf/thinkcmf 5 woocommerce/woocommerce 5 mautic/core-lib 5 phpservermon/phpservermon 5 bottelet/flarepoint 5 elgg/elgg 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 neos/neos 5 typo3/cms-install 5 bootstrap-sass 5 codeigniter/framework 5 ibexa/core 5 illuminate/database 5 symfony/security-bundle 5 limesurvey/limesurvey 5 anchorcms/anchor-cms 5 symfony/security-core 5 kimai/kimai 5 silverstripe/assets 5 cachethq/cachet 5 simplesamlphp/saml2 5 gugoan/economizzer 5 sylius/resource-bundle 4 oro/commerce 4 wp-premium/gravityforms 4 pyrocms/pyrocms 4 bytefury/crater 4 shopxo/shopxo 4 modx/revolution 4 evolutioncms/evolution 4 spatie/browsershot 4 bref/bref 4 shopware/storefront 4 zendframework/zendopenid 4 wintercms/winter 4 typo3/html-sanitizer 4 friendsofsymfony/user-bundle 4 typo3/cms-frontend 4 automad/automad 4 idno/known 4 appwrite/server-ce 4 reportico-web/reportico 4 magento/product-community-edition 4 processwire/processwire 4 ezsystems/ezplatform 4 codeigniter4/shield 4 adodb/adodb-php 4 ezyang/htmlpurifier 4 notrinos/notrinos-erp 4 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/auth 3 aimeos/ai-admin-graphql 3 zendframework/zendservice-api 3 getformwork/formwork 3 redaxo/source 3 enshrined/svg-sanitize 3 ckeditor4 3 doctrine/orm 3 django-tinymce 3 verot/class.upload.php 3
Filter by Repository
https://github.com/getkirby/kirby 19