CVE-2018-16624
https://notcve.org/view.php?id=CVE-2018-16624
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. En Kirby versión 2.5.12 el archivo panel/pages/home/edit permite una vulnerabilidad de tipo XSS por medio del título de una nueva página • https://github.com/security-breachlock/CVE-2018-16624/blob/master/CVE-2018-16624.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-16630
https://notcve.org/view.php?id=CVE-2018-16630
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. Kirby v2.5.12 permite Cross-Site Scripting (XSS) mediante la opción Add "site files" para subir un archivo SVG. • https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-16627
https://notcve.org/view.php?id=CVE-2018-16627
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. panel/login en Kirby v2.5.12 permite la inyección de cabeceras del host mediante la característica "forget password". • https://github.com/security-breachlock/CVE-2018-16627 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2018-16628
https://notcve.org/view.php?id=CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name. panel/login en Kirby v2.5.12 permite Cross-Site Scripting (XSS) mediante un nombre de blog. • https://github.com/security-breachlock/CVE-2018-16628/blob/master/kirby10.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •