getkirby/cms vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2024-41964Highgetkirby/cms: Kirby has insufficient permission checks in the language settingsCVE-2024-27087Mediumgetkirby/cms: Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" typeCVE-2024-26481Mediumgetkirby/cms: Kirby vulnerable to self cross-site scripting (self-XSS) in the URL fieldCVE-2024-26483Mediumgetkirby/cms: Kirby vulnerable to unrestricted file upload of user avatar imagesCVE-2023-38488Highgetkirby/cms: Field injection in the KirbyData text storage handlerCVE-2023-38489Highgetkirby/cms: Insufficient Session Expiration after a password changeCVE-2023-38490Mediumgetkirby/cms: XML External Entity (XXE) vulnerability in the XML data handlerCVE-2023-38491Mediumgetkirby/cms: Cross-site scripting (XSS) from MIME type auto-detection of uploaded filesCVE-2023-38492Mediumgetkirby/cms: Denial of service from unlimited password lengthsCVE-2022-39315Mediumgetkirby/cms: Kirby CMS vulnerable to user enumeration in the brute force protectionCVE-2022-39314Mediumgetkirby/cms: Kirby CMS vulnerable to user enumeration in the code-based login and password reset formsGHSA-RV3R-VQJJ-8C76Highgetkirby/cms: Cross-site scripting from content entered in the tags and multiselect fieldsCVE-2022-36037Mediumgetkirby/cms: Cross-site scripting from dynamic options in the multiselect fieldCVE-2018-14520Mediumgetkirby/cms: Kirby CMS 2.5.12 Cross-site ScriptingCVE-2018-14519Mediumgetkirby/cms: Kirby CMS 2.5.12 Cross-site Request ForgeryCVE-2017-16807Mediumgetkirby/cms: Kirby XSS VulnerabilityCVE-2021-41258Mediumgetkirby/cms: Cross-site scripting (XSS) from image block content in the site frontendCVE-2021-41252Mediumgetkirby/cms: Cross-site scripting (XSS) from writer field content in the site frontendCVE-2021-32735Highgetkirby/cms: Cross-site scripting (XSS) from field and configuration text displayed in the PanelCVE-2021-29460Highgetkirby/cms: Cross-site scripting (XSS) from unsanitized uploaded SVG files in KirbyCVE-2020-26253Mediumgetkirby/panel: Kirby .dev domains and some reverse proxy setups were treated as localCVE-2020-26255Mediumgetkirby/panel: Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5

Stop the waste.
Protect your environment with Kodem.