Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kirby
(Getkirby)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-24 | CVE-2018-14520 | An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages. | Kirby | 5.4 | ||
| 2024-02-26 | CVE-2024-27087 | Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary... | Kirby | 5.4 | ||
| 2020-12-08 | CVE-2020-26253 | Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget registering your first admin account... | Kirby, Panel | 5.9 |