Page 5 of 26 results (0.003 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. Kirby versión V2.5.12 es propenso a un ataque XSS persistente por medio del parametro Title de "Site options" en el menú desplegable del panel de administración. • https://github.com/security-breachlock/CVE-2018-16623/blob/master/CVE-2018-16623.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. En Kirby versión 2.5.12 el archivo panel/pages/home/edit permite una vulnerabilidad de tipo XSS por medio del título de una nueva página • https://github.com/security-breachlock/CVE-2018-16624/blob/master/CVE-2018-16624.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. Kirby v2.5.12 permite Cross-Site Scripting (XSS) mediante la opción Add "site files" para subir un archivo SVG. • https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. panel/login en Kirby v2.5.12 permite la inyección de cabeceras del host mediante la característica "forget password". • https://github.com/security-breachlock/CVE-2018-16627 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

panel/login in Kirby v2.5.12 allows XSS via a blog name. panel/login en Kirby v2.5.12 permite Cross-Site Scripting (XSS) mediante un nombre de blog. • https://github.com/security-breachlock/CVE-2018-16628/blob/master/kirby10.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •