getkirby/cms Security Advisories - Packagist

Low

5 months ago

Kirby vulnerable to path traversal in the router for PHP's built-in server GSA_kwCzR0hTQS05cDNwLXc1amYtOHh4Z84ABHzS

packagist getkirby/cms

Moderate

5 months ago

Kirby vulnerable to path traversal of collection names during file system lookup GSA_kwCzR0hTQS14Mjc1LWg5ajQtN3A0aM4ABHzR

packagist getkirby/cms

High

about 1 year ago

Kirby has insufficient permission checks in the language settings GSA_kwCzR0hTQS1qbTltLXJxcjMtd2ZtaM4AA_Bw

packagist getkirby/cms

Moderate

over 1 year ago

Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk

packagist getkirby/cms

Moderate

over 1 year ago

Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI

packagist getkirby/cms

Moderate

over 1 year ago

Kirby vulnerable to unrestricted file upload of user avatar images GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH

packagist getkirby/cms

High

about 2 years ago

Field injection in the KirbyData text storage handler GSA_kwCzR0hTQS14NW1yLXA2djQtd3A5M84AA08O

packagist getkirby/cms

High

about 2 years ago

Insufficient Session Expiration after a password change GSA_kwCzR0hTQS01bXZqLXJ2cDgtcmY0Nc4AA08N

packagist getkirby/cms

Moderate

about 2 years ago

XML External Entity (XXE) vulnerability in the XML data handler GSA_kwCzR0hTQS1xMzg2LXc2ZmctZ21ncM4AA08M

packagist getkirby/cms

Moderate

about 2 years ago

Cross-site scripting (XSS) from MIME type auto-detection of uploaded files GSA_kwCzR0hTQS04ZnY3LXdxMzgtZjVjOc4AA08L

packagist getkirby/cms

Moderate

about 2 years ago

Denial of service from unlimited password lengths GSA_kwCzR0hTQS0zdjZqLXYzcWMtY3hmZs4AA08K

packagist getkirby/cms

Moderate

almost 3 years ago

Kirby CMS vulnerable to user enumeration in the brute force protection GSA_kwCzR0hTQS1jMjdqLTc2eGctNng0Zs4AAvas

packagist getkirby/cms

Moderate

almost 3 years ago

Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms GSA_kwCzR0hTQS00M3FxLXF3NHgtMjhmOM4AAvar

packagist getkirby/cms

High

about 3 years ago

Cross-site scripting from content entered in the tags and multiselect fields GSA_kwCzR0hTQS1ydjNyLXZxamotOGM3Ns4AAui4

packagist getkirby/cms

Moderate

about 3 years ago

Cross-site scripting from dynamic options in the multiselect field GSA_kwCzR0hTQS0zZjg5LTg2OWYtNXc3Ns4AAug3

packagist getkirby/cms

Moderate

about 3 years ago

Kirby CMS 2.5.12 Cross-site Scripting GSA_kwCzR0hTQS1oM3cyLXFnMnItYzdtZs4AAubL

packagist getkirby/cms

Moderate

about 3 years ago

Kirby CMS 2.5.12 Cross-site Request Forgery GSA_kwCzR0hTQS1jN3gyLTdoOHItanE0bc4AAuav

packagist getkirby/cms

Moderate

over 3 years ago

Kirby XSS Vulnerability GSA_kwCzR0hTQS0yNzVjLXYzcmMteGdoeM4AATSi

packagist getkirby/cms

Moderate

almost 4 years ago

Cross-site scripting (XSS) from image block content in the site frontend GSA_kwCzR0hTQS1jcTU4LXI3N2MtNWpqd80XQA

packagist getkirby/cms

Moderate

almost 4 years ago

Cross-site scripting (XSS) from writer field content in the site frontend GSA_kwCzR0hTQS14N2o3LXFwN2otaHczcc0XPw

packagist getkirby/cms

High

over 4 years ago

Cross-site scripting (XSS) from field and configuration text displayed in the Panel MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmMnctMzQ5eC12cnFt

packagist getkirby/cms

High

over 4 years ago

Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFncDQtNXF4Ni01NDhn

packagist getkirby/cms

Moderate

over 4 years ago

Kirby .dev domains and some reverse proxy setups were treated as local MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2

packagist getkirby/cms, getkirby/panel

Moderate

almost 5 years ago

Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczaDgtY2c5eC00N3F3

packagist getkirby/cms, getkirby/panel

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

getkirby/cms

Kirby vulnerable to path traversal in the router for PHP's built-in server GSA_kwCzR0hTQS05cDNwLXc1amYtOHh4Z84ABHzS

Kirby vulnerable to path traversal of collection names during file system lookup GSA_kwCzR0hTQS14Mjc1LWg5ajQtN3A0aM4ABHzR

Kirby has insufficient permission checks in the language settings GSA_kwCzR0hTQS1qbTltLXJxcjMtd2ZtaM4AA_Bw

Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk

Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI

Kirby vulnerable to unrestricted file upload of user avatar images GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH

Field injection in the KirbyData text storage handler GSA_kwCzR0hTQS14NW1yLXA2djQtd3A5M84AA08O

Insufficient Session Expiration after a password change GSA_kwCzR0hTQS01bXZqLXJ2cDgtcmY0Nc4AA08N

XML External Entity (XXE) vulnerability in the XML data handler GSA_kwCzR0hTQS1xMzg2LXc2ZmctZ21ncM4AA08M

Cross-site scripting (XSS) from MIME type auto-detection of uploaded files GSA_kwCzR0hTQS04ZnY3LXdxMzgtZjVjOc4AA08L

Denial of service from unlimited password lengths GSA_kwCzR0hTQS0zdjZqLXYzcWMtY3hmZs4AA08K

Kirby CMS vulnerable to user enumeration in the brute force protection GSA_kwCzR0hTQS1jMjdqLTc2eGctNng0Zs4AAvas

Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms GSA_kwCzR0hTQS00M3FxLXF3NHgtMjhmOM4AAvar

Cross-site scripting from content entered in the tags and multiselect fields GSA_kwCzR0hTQS1ydjNyLXZxamotOGM3Ns4AAui4

Cross-site scripting from dynamic options in the multiselect field GSA_kwCzR0hTQS0zZjg5LTg2OWYtNXc3Ns4AAug3

Kirby CMS 2.5.12 Cross-site Scripting GSA_kwCzR0hTQS1oM3cyLXFnMnItYzdtZs4AAubL

Kirby CMS 2.5.12 Cross-site Request Forgery GSA_kwCzR0hTQS1jN3gyLTdoOHItanE0bc4AAuav

Kirby XSS Vulnerability GSA_kwCzR0hTQS0yNzVjLXYzcmMteGdoeM4AATSi

Cross-site scripting (XSS) from image block content in the site frontend GSA_kwCzR0hTQS1jcTU4LXI3N2MtNWpqd80XQA

Cross-site scripting (XSS) from writer field content in the site frontend GSA_kwCzR0hTQS14N2o3LXFwN2otaHczcc0XPw

Cross-site scripting (XSS) from field and configuration text displayed in the Panel MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmMnctMzQ5eC12cnFt

Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFncDQtNXF4Ni01NDhn

Kirby .dev domains and some reverse proxy setups were treated as local MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2

Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczaDgtY2c5eC00N3F3

Filter by Severity