CVE-2018-16630

CVE-2018-16630

EPSS 0.6%

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf