Page 3 of 23 results (0.001 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

28 Dec 2018 — Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. Kirby v2.5.12 permite Cross-Site Scripting (XSS) mediante la opción Add "site files" para subir un archivo SVG. • https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

20 Dec 2018 — panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. panel/login en Kirby v2.5.12 permite la inyección de cabeceras del host mediante la característica "forget password". • https://github.com/security-breachlock/CVE-2018-16627 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

04 Dec 2018 — panel/login in Kirby v2.5.12 allows XSS via a blog name. panel/login en Kirby v2.5.12 permite Cross-Site Scripting (XSS) mediante un nombre de blog. • https://github.com/security-breachlock/CVE-2018-16628/blob/master/kirby10.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •