NotCVE - vendor:"Getkirby" product:"Kirby" version:"

Page 3 of 22 results (0.004 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-16628

https://notcve.org/view.php?id=CVE-2018-16628

04 Dec 2018 — panel/login in Kirby v2.5.12 allows XSS via a blog name. panel/login en Kirby v2.5.12 permite Cross-Site Scripting (XSS) mediante un nombre de blog. • https://github.com/security-breachlock/CVE-2018-16628/blob/master/kirby10.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-7773

https://notcve.org/view.php?id=CVE-2015-7773

20 Nov 2015 — Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension. Vulnerabilidad de carga de archivos sin restricciones en el componente Panel en Bastian Allgeier Kirby en versiones anteriores a 2.1.2 permite a usuarios remotos autenticados ejecutar código PHP arbitrario mediante la subida de un archivo que carec... • http://getkirby.com/changelog/kirby-2-1-2 •

1 2 3