Vulnerabilities in getkirby
29 results

CVE | Severity | Title | EPSS
CVE-2021-29460 | HIGH | Cross-site scripting (XSS) from unsanitized uploaded SVG files | 3.2%
CVE-2023-38490 | MEDIUM | Kirby XML External Entity (XXE) vulnerability in the XML data handler | 1.5%
CVE-2020-26255 | MEDIUM | PHP Phar archives could be uploaded and executed in Kirby | 1.5%
CVE-2023-38492 | MEDIUM | Kirby vulnerable to denial of service from unlimited password lengths | 1.0%
CVE-2021-41252 | HIGH | Cross-site scripting (XSS) from writer field content in the site frontend | 0.9%
CVE-2023-38488 | HIGH | Kirby vulnerable to field injection in the KirbyData text storage handler | 0.8%
CVE-2021-41258 | HIGH | Cross-site scripting (XSS) from image block content in the site frontend | 0.8%
CVE-2023-38489 | HIGH | Kirby vulnerable to Insufficient Session Expiration after a password change | 0.7%
CVE-2022-36037 | MEDIUM | Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby | 0.7%
CVE-2022-39315 | MEDIUM | Kirby CMS vulnerable to user enumeration in the brute force protection | 0.6%
CVE-2025-30159 | MEDIUM | Kirby vulnerable to path traversal of snippet names in the `snippet()` helper | 0.6%
CVE-2020-26253 | MEDIUM | .dev domains treated as local in Kirby | 0.6%
CVE-2023-38491 | MEDIUM | Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files | 0.6%
CVE-2021-32735 | HIGH | Cross-site scripting (XSS) from field and configuration text displayed in the Panel | 0.5%
CVE-2025-31493 | MEDIUM | Path traversal of collection names during file system lookup | 0.5%
CVE-2025-30207 | LOW | Kirby vulnerable to path traversal in the router for PHP's built-in server | 0.5%
CVE-2024-41964 | HIGH | Insufficient permission checks in the language settings in Kirby CMS | 0.4%
CVE-2026-41325 | HIGH | Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection | 0.4%
CVE-2022-39314 | MEDIUM | User enumeration in the code-based login and password reset forms | 0.4%
CVE-2024-27087 | MEDIUM | Kirby cross-site scripting (XSS) in the link field "Custom" type | 0.3%