Search criteria
93 vulnerabilities found for kirby by getkirby
FKIE_CVE-2025-65012
Vulnerability from fkie_nvd - Published: 2025-11-18 23:15 - Updated: 2025-11-26 16:25
Severity ?
Summary
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Changes" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE9A9E3-9347-4164-9AB8-E721DFBDF56A",
"versionEndExcluding": "5.1.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the \"Changes\" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4."
}
],
"id": "CVE-2025-65012",
"lastModified": "2025-11-26T16:25:06.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-18T23:15:55.913",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/5.1.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-84hf-8gh5-575j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-31493
Vulnerability from fkie_nvd - Published: 2025-05-13 16:15 - Updated: 2025-08-26 14:33
Severity ?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D805FEF9-99CA-4AA8-B7A2-E55F8B6CF633",
"versionEndExcluding": "3.9.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32EEBCF-2673-485B-9B5D-002D258315CD",
"versionEndExcluding": "3.10.1.2",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B812FA-29DC-4CE0-9E49-6AC09BA4087D",
"versionEndExcluding": "4.7.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby-\u003ecollection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby-\u003ecollection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection(\u0027tags-\u0027 . get(\u0027tags\u0027))`. It generally also requires knowledge of the site structure and the server\u0027s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded."
},
{
"lang": "es",
"value": "Kirby es un sistema de gesti\u00f3n de contenido de c\u00f3digo abierto. Una vulnerabilidad en versiones anteriores a 3.9.8.3, 3.10.1.2 y 4.7.1 afecta a todos los sitios de Kirby que usan el asistente `collection()` o el m\u00e9todo `$kirby-\u0026gt;collection()` con un nombre de colecci\u00f3n din\u00e1mico (como un nombre de colecci\u00f3n que depende de la solicitud o los datos del usuario). Los sitios que solo usan llamadas fijas al asistente `collection()`/m\u00e9todo `$kirby-\u0026gt;collection()` (es decir, llamadas con una cadena simple para el nombre de la colecci\u00f3n) *no* se ven afectados. La falta de una comprobaci\u00f3n de path traversal permiti\u00f3 a los atacantes navegar y acceder a todos los archivos en el servidor a los que ten\u00eda acceso el proceso PHP, incluyendo archivos fuera del root de las colecciones o incluso fuera de la instalaci\u00f3n de Kirby. Se ejecut\u00f3 el c\u00f3digo PHP dentro de dichos archivos. Dichos ataques primero requieren un vector de ataque en el c\u00f3digo del sitio que es causado por nombres de colecciones din\u00e1micos, como `collection(\u0027tags-\u0027 . get(\u0027tags\u0027))`. Generalmente, tambi\u00e9n requiere que el atacante conozca la estructura del sitio y el sistema de archivos del servidor, aunque es posible encontrar configuraciones vulnerables mediante m\u00e9todos automatizados como el fuzzing. En una configuraci\u00f3n vulnerable, esto podr\u00eda da\u00f1ar la confidencialidad e integridad del servidor. El problema se ha corregido en Kirby 3.9.8.3, Kirby 3.10.1.2 y Kirby 4.7.1. En todas las versiones mencionadas, los desarrolladores de Kirby han a\u00f1adido una comprobaci\u00f3n de la ruta de la colecci\u00f3n que garantiza que la ruta resultante est\u00e9 dentro del root de las colecciones configurada. Las rutas de colecci\u00f3n que apunten fuera del root de las colecciones no se cargar\u00e1n."
}
],
"id": "CVE-2025-31493",
"lastModified": "2025-08-26T14:33:24.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-05-13T16:15:30.093",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-x275-h9j4-7p4h"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-30207
Vulnerability from fkie_nvd - Published: 2025-05-13 16:15 - Updated: 2025-08-26 14:44
Severity ?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby's router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D805FEF9-99CA-4AA8-B7A2-E55F8B6CF633",
"versionEndExcluding": "3.9.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32EEBCF-2673-485B-9B5D-002D258315CD",
"versionEndExcluding": "3.10.1.2",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B812FA-29DC-4CE0-9E49-6AC09BA4087D",
"versionEndExcluding": "4.7.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP\u0027s built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby\u0027s router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not."
},
{
"lang": "es",
"value": "Kirby es un sistema de gesti\u00f3n de contenido de c\u00f3digo abierto. Una vulnerabilidad en versiones anteriores a 3.9.8.3, 3.10.1.2 y 4.7.1 afecta a todas las configuraciones de Kirby que utilizan el servidor integrado de PHP. Estas configuraciones suelen utilizarse solo durante el desarrollo local. Los sitios que utilizan otro software de servidor (como Apache, nginx o Caddy) no se ven afectados. La falta de una comprobaci\u00f3n de path traversal permiti\u00f3 a los atacantes navegar por todos los archivos del servidor accesibles para el proceso PHP, incluidos los archivos fuera de la instalaci\u00f3n de Kirby. La implementaci\u00f3n vulnerable deleg\u00f3 todos los archivos existentes a PHP, incluidos los existentes fuera del root del documento. Esto genera una respuesta diferente que permite a los atacantes determinar si el archivo solicitado existe. Dado que el enrutador de Kirby solo delega dichas solicitudes a PHP y no las carga ni las ejecuta, el contenido de los archivos no se expuso, ya que PHP trata las solicitudes a archivos fuera del root del documento como no v\u00e1lidas. El problema se ha corregido en Kirby 3.9.8.3, Kirby 3.10.1.2 y Kirby 4.7.1. En todas las versiones mencionadas, los mantenedores de Kirby han actualizado el enrutador para comprobar si los archivos est\u00e1ticos existentes se encuentran en el root del documento. Las solicitudes a archivos fuera del root del documento se tratan como solicitudes de p\u00e1gina de la p\u00e1gina de error y ya no permiten determinar si el archivo existe o no."
}
],
"id": "CVE-2025-30207",
"lastModified": "2025-08-26T14:44:44.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-05-13T16:15:29.360",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-9p3p-w5jf-8xxg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-30159
Vulnerability from fkie_nvd - Published: 2025-05-13 15:15 - Updated: 2025-08-26 14:48
Severity ?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D805FEF9-99CA-4AA8-B7A2-E55F8B6CF633",
"versionEndExcluding": "3.9.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B32EEBCF-2673-485B-9B5D-002D258315CD",
"versionEndExcluding": "3.10.1.2",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B812FA-29DC-4CE0-9E49-6AC09BA4087D",
"versionEndExcluding": "4.7.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby-\u003esnippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby-\u003esnippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet(\u0027tags-\u0027 . get(\u0027tags\u0027))`. It generally also requires knowledge of the site structure and the server\u0027s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded."
},
{
"lang": "es",
"value": "Kirby es un sistema de gesti\u00f3n de contenido de c\u00f3digo abierto. Una vulnerabilidad en versiones anteriores a 3.9.8.3, 3.10.1.2 y 4.7.1 afecta a todos los sitios de Kirby que usan el asistente `snippet()` o el m\u00e9todo `$kirby-\u0026gt;snippet()` con un nombre de fragmento din\u00e1mico (por ejemplo, un nombre de fragmento que depende de la solicitud o de los datos del usuario). Los sitios que solo usan llamadas fijas al asistente `snippet()` o al m\u00e9todo `$kirby-\u0026gt;snippet()` (es decir, llamadas con una cadena simple para el nombre del fragmento) *no* se ven afectados. La falta de una comprobaci\u00f3n de path traversal permiti\u00f3 a los atacantes navegar y acceder a todos los archivos del servidor accesibles para el proceso PHP, incluyendo archivos fuera del root de los fragmentos o incluso fuera de la instalaci\u00f3n de Kirby. Se ejecut\u00f3 el c\u00f3digo PHP dentro de dichos archivos. Tales ataques primero requieren un vector de ataque en el c\u00f3digo del sitio que es causado por nombres de fragmentos din\u00e1micos, como `snippet(\u0027tags-\u0027 . get(\u0027tags\u0027))`. Generalmente tambi\u00e9n requiere conocimiento de la estructura del sitio y el sistema de archivos del servidor por parte del atacante, aunque puede ser posible encontrar configuraciones vulnerables a trav\u00e9s de m\u00e9todos automatizados como fuzzing. En una configuraci\u00f3n vulnerable, esto podr\u00eda causar da\u00f1os a la confidencialidad e integridad del servidor. El problema ha sido parcheado en Kirby 3.9.8.3, Kirby 3.10.1.2 y Kirby 4.7.1. En todas las versiones mencionadas, los mantenedores de Kirby han agregado una comprobaci\u00f3n para la ruta del fragmento que garantiza que la ruta resultante est\u00e9 contenida dentro del root de fragmentos configurada. Las rutas de fragmentos que apuntan fuera del root de fragmentos no se cargar\u00e1n."
}
],
"id": "CVE-2025-30159",
"lastModified": "2025-08-26T14:48:11.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-05-13T15:15:56.167",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory",
"Exploit",
"Patch"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-fw82-87p8-v6hp"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-41964
Vulnerability from fkie_nvd - Published: 2024-08-29 17:15 - Updated: 2024-09-06 22:56
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5113F1-0EAB-408F-9574-7A9545905C52",
"versionEndExcluding": "3.6.6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9E85FE-0FC5-41C1-99EB-6CEE106864E3",
"versionEndExcluding": "3.7.5.5",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6DA7E2-7EA2-4F0B-BECD-0481489E1A9E",
"versionEndExcluding": "3.8.4.4",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "815FC984-F946-463C-8CDC-2923BF51D85D",
"versionEndExcluding": "3.9.8.2",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A359C0A7-92E0-428B-A3D1-32B43929EC6F",
"versionEndExcluding": "3.10.1.1",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D93D8F-70F6-4E50-A7A7-511593473868",
"versionEndExcluding": "4.3.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby\u0027s frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Kirby es un CMS dirigido a manipuladores y editores. Kirby permite restringir los permisos de roles de usuario espec\u00edficos. Los usuarios de ese rol solo pueden realizar acciones permitidas. Los permisos para crear y eliminar idiomas ya exist\u00edan y se pod\u00edan configurar, pero no se aplicaban mediante el c\u00f3digo de interfaz o backend de Kirby. No exist\u00eda un permiso para actualizar idiomas existentes antes de las versiones parcheadas. Por lo tanto, deshabilitar el permiso comod\u00edn de idiomas.* para un rol no podr\u00eda haber prohibido las actualizaciones de las definiciones de idiomas existentes. Las comprobaciones de permisos faltantes permit\u00edan a los atacantes con acceso al Panel manipular las definiciones de idiomas. El problema se ha corregido en Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1 y Kirby 4.3.1. Actualice a una de estas versiones o a una posterior para corregir la vulnerabilidad. No existen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-41964",
"lastModified": "2024-09-06T22:56:18.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-29T17:15:07.980",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-27087
Vulnerability from fkie_nvd - Published: 2024-02-26 17:15 - Updated: 2024-12-31 15:34
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E14BEE12-BE86-4527-9BCA-194ACE2C2050",
"versionEndExcluding": "4.1.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don\u0027t fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.\n\n"
},
{
"lang": "es",
"value": "Kirby es un sistema de gesti\u00f3n de contenidos. El nuevo campo de enlace introducido en Kirby 4 permite varios tipos de enlaces diferentes, cada uno de los cuales valida el enlace ingresado en el formato de URL correspondiente. Tambi\u00e9n incluye un tipo de enlace \"Personalizado\" para casos de uso avanzados que no se ajustan a ninguno de los formatos de enlace predefinidos. Como el tipo de enlace \"Personalizado\" pretende ser flexible, tambi\u00e9n permite el esquema de URL javascript:. En algunos casos de uso, esto puede ser intencionado, pero los atacantes tambi\u00e9n pueden utilizarlo indebidamente para ejecutar c\u00f3digo JavaScript arbitrario cuando un usuario o visitante hace clic en un enlace que se genera a partir del contenido del campo de enlace. Esta vulnerabilidad est\u00e1 parcheada en 4.1.1."
}
],
"id": "CVE-2024-27087",
"lastModified": "2024-12-31T15:34:15.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-26T17:15:10.783",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-26484
Vulnerability from fkie_nvd - Published: 2024-02-22 05:15 - Updated: 2025-08-21 14:08
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7AA7C56B-9B9A-41B5-BADE-E0831FDC4D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor\u0027s position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el m\u00f3dulo Edit Content Layout de Kirby CMS v4.1.0 permite a los atacantes ejecutar script web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el campo Enlace."
}
],
"id": "CVE-2024-26484",
"lastModified": "2025-08-21T14:08:02.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-22T05:15:10.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/getkirby/demokit/commit/d4877a6715cbf6517cb04ff57798851ffbd0cd7e"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Stored-Cross-Site-Scripting-153b4eb557a2488188ad8167734ca226?pvs=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/getkirby/demokit/commit/d4877a6715cbf6517cb04ff57798851ffbd0cd7e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Stored-Cross-Site-Scripting-153b4eb557a2488188ad8167734ca226?pvs=4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-26483
Vulnerability from fkie_nvd - Published: 2024-02-22 05:15 - Updated: 2025-04-08 14:35
Severity ?
Summary
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DA52A1-2798-49E4-93E7-7B3FB874F8BA",
"versionEndExcluding": "3.6.6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D3EDA-C4E5-4CDC-9D1D-AFB771B8D8EA",
"versionEndExcluding": "3.7.5.4",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "097AAB6F-ECCE-4FF2-943A-F492FFA20612",
"versionEndExcluding": "3.8.4.3",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF2F922-B4FD-42F5-AF1A-5421577FB839",
"versionEndExcluding": "3.9.8.1",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D41D6DF-27D3-495E-B208-AE5D54119FC2",
"versionEndIncluding": "4.1.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A48D2312-6E39-45F6-B0E5-3ED9C72AA435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en el m\u00f3dulo Imagen de perfil de Kirby CMS v4.1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo PDF manipulado."
}
],
"id": "CVE-2024-26483",
"lastModified": "2025-04-08T14:35:43.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-22T05:15:09.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-26481
Vulnerability from fkie_nvd - Published: 2024-02-22 05:15 - Updated: 2025-04-08 14:14
Severity ?
Summary
Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DA52A1-2798-49E4-93E7-7B3FB874F8BA",
"versionEndExcluding": "3.6.6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D3EDA-C4E5-4CDC-9D1D-AFB771B8D8EA",
"versionEndExcluding": "3.7.5.4",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "097AAB6F-ECCE-4FF2-943A-F492FFA20612",
"versionEndExcluding": "3.8.4.3",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF2F922-B4FD-42F5-AF1A-5421577FB839",
"versionEndExcluding": "3.9.8.1",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D41D6DF-27D3-495E-B208-AE5D54119FC2",
"versionEndIncluding": "4.1.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getkirby:kirby:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A48D2312-6E39-45F6-B0E5-3ED9C72AA435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Kirby CMS v4.1.0 conten\u00eda una vulnerabilidad de Cross-Site Scripting (XSS) reflejado a trav\u00e9s del par\u00e1metro URL."
}
],
"id": "CVE-2024-26481",
"lastModified": "2025-04-08T14:14:12.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-22T05:15:09.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-26482
Vulnerability from fkie_nvd - Published: 2024-02-22 05:15 - Updated: 2025-08-21 14:03
Severity ?
Summary
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getkirby:kirby:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7AA7C56B-9B9A-41B5-BADE-E0831FDC4D8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter\u0027s mentioned \"injecting malicious scripts\" would not occur."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de HTML en el m\u00f3dulo Edit Content Layout de Kirby CMS v4.1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado."
}
],
"id": "CVE-2024-26482",
"lastModified": "2025-08-21T14:03:18.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-22T05:15:09.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-65012 (GCVE-0-2025-65012)
Vulnerability from cvelistv5 – Published: 2025-11-18 22:44 – Updated: 2025-11-19 17:06
VLAI?
Summary
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Changes" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T17:06:09.917341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T17:06:24.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the \"Changes\" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T22:44:11.989Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-84hf-8gh5-575j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-84hf-8gh5-575j"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/5.1.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/5.1.4"
}
],
"source": {
"advisory": "GHSA-84hf-8gh5-575j",
"discovery": "UNKNOWN"
},
"title": "Kirby CMS has cross-site scripting (XSS) in the changes dialog"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65012",
"datePublished": "2025-11-18T22:44:11.989Z",
"dateReserved": "2025-11-13T15:36:51.679Z",
"dateUpdated": "2025-11-19T17:06:24.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31493 (GCVE-0-2025-31493)
Vulnerability from cvelistv5 – Published: 2025-05-13 15:24 – Updated: 2025-05-13 19:08
VLAI?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:08:28.624462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:08:37.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.8.3"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby-\u003ecollection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby-\u003ecollection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection(\u0027tags-\u0027 . get(\u0027tags\u0027))`. It generally also requires knowledge of the site structure and the server\u0027s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:24:40.178Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-x275-h9j4-7p4h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-x275-h9j4-7p4h"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/4.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
}
],
"source": {
"advisory": "GHSA-x275-h9j4-7p4h",
"discovery": "UNKNOWN"
},
"title": "Path traversal of collection names during file system lookup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-31493",
"datePublished": "2025-05-13T15:24:40.178Z",
"dateReserved": "2025-03-28T13:36:51.298Z",
"dateUpdated": "2025-05-13T19:08:37.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30207 (GCVE-0-2025-30207)
Vulnerability from cvelistv5 – Published: 2025-05-13 15:20 – Updated: 2025-05-13 19:37
VLAI?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby's router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:36:16.796341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:37:09.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.8.3"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP\u0027s built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby\u0027s router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:20:00.707Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-9p3p-w5jf-8xxg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-9p3p-w5jf-8xxg"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/4.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
}
],
"source": {
"advisory": "GHSA-9p3p-w5jf-8xxg",
"discovery": "UNKNOWN"
},
"title": "Kirby vulnerable to path traversal in the router for PHP\u0027s built-in server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30207",
"datePublished": "2025-05-13T15:20:00.707Z",
"dateReserved": "2025-03-18T18:15:13.849Z",
"dateUpdated": "2025-05-13T19:37:09.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30159 (GCVE-0-2025-30159)
Vulnerability from cvelistv5 – Published: 2025-05-13 15:07 – Updated: 2025-05-13 19:46
VLAI?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:44:40.658114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:46:41.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.8.3"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby-\u003esnippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby-\u003esnippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet(\u0027tags-\u0027 . get(\u0027tags\u0027))`. It generally also requires knowledge of the site structure and the server\u0027s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:07:02.920Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-fw82-87p8-v6hp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-fw82-87p8-v6hp"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/4.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
}
],
"source": {
"advisory": "GHSA-fw82-87p8-v6hp",
"discovery": "UNKNOWN"
},
"title": "Kirby vulnerable to path traversal of snippet names in the `snippet()` helper"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30159",
"datePublished": "2025-05-13T15:07:02.920Z",
"dateReserved": "2025-03-17T12:41:42.566Z",
"dateUpdated": "2025-05-13T19:46:41.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41964 (GCVE-0-2024-41964)
Vulnerability from cvelistv5 – Published: 2024-08-29 16:19 – Updated: 2024-08-29 16:36
VLAI?
Summary
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T16:35:56.160679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T16:36:08.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.6.6"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.5.5"
},
{
"status": "affected",
"version": "\u003e= 3.8.0, \u003c 3.8.4.4"
},
{
"status": "affected",
"version": "\u003e= 3.9.0, \u003c 3.9.8.2"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.1"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby\u0027s frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T16:19:21.676Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh"
},
{
"name": "https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23"
}
],
"source": {
"advisory": "GHSA-jm9m-rqr3-wfmh",
"discovery": "UNKNOWN"
},
"title": "Insufficient permission checks in the language settings in Kirby CMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41964",
"datePublished": "2024-08-29T16:19:21.676Z",
"dateReserved": "2024-07-24T16:51:40.952Z",
"dateUpdated": "2024-08-29T16:36:08.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27087 (GCVE-0-2024-27087)
Vulnerability from cvelistv5 – Published: 2024-02-26 16:44 – Updated: 2024-08-02 00:27
VLAI?
Summary
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T19:25:25.604500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:00.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:57.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"
},
{
"name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don\u0027t fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-26T16:44:31.105Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"
},
{
"name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"
}
],
"source": {
"advisory": "GHSA-63h4-w25c-3qv4",
"discovery": "UNKNOWN"
},
"title": "Kirby cross-site scripting (XSS) in the link field \"Custom\" type"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27087",
"datePublished": "2024-02-26T16:44:31.105Z",
"dateReserved": "2024-02-19T14:43:05.992Z",
"dateUpdated": "2024-08-02T00:27:57.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26484 (GCVE-0-2024-26484)
Vulnerability from cvelistv5 – Published: 2024-02-22 00:00 – Updated: 2024-08-26 18:57
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Stored-Cross-Site-Scripting-153b4eb557a2488188ad8167734ca226?pvs=4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/getkirby/demokit/commit/d4877a6715cbf6517cb04ff57798851ffbd0cd7e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26484",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T14:59:49.488049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:57:24.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor\u0027s position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T06:59:33.866297",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Stored-Cross-Site-Scripting-153b4eb557a2488188ad8167734ca226?pvs=4"
},
{
"url": "https://github.com/getkirby/demokit/commit/d4877a6715cbf6517cb04ff57798851ffbd0cd7e"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26484",
"datePublished": "2024-02-22T00:00:00",
"dateReserved": "2024-02-19T00:00:00",
"dateUpdated": "2024-08-26T18:57:24.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26481 (GCVE-0-2024-26481)
Vulnerability from cvelistv5 – Published: 2024-02-22 00:00 – Updated: 2024-08-14 19:53
VLAI?
Summary
Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.
Severity ?
4.7 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:getkirby:kirby:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26481",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:20:43.012523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:53:55.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T04:10:01.080497",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4"
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26481",
"datePublished": "2024-02-22T00:00:00",
"dateReserved": "2024-02-19T00:00:00",
"dateUpdated": "2024-08-14T19:53:55.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26482 (GCVE-0-2024-26482)
Vulnerability from cvelistv5 – Published: 2024-02-22 00:00 – Updated: 2024-08-29 18:01
VLAI?
Summary
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.
Severity ?
7.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kirby:kirby_cms:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kirby_cms",
"vendor": "kirby",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:59:02.052210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:01:13.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter\u0027s mentioned \"injecting malicious scripts\" would not occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-26T18:41:44.083411",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26482",
"datePublished": "2024-02-22T00:00:00",
"dateReserved": "2024-02-19T00:00:00",
"dateUpdated": "2024-08-29T18:01:13.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26483 (GCVE-0-2024-26483)
Vulnerability from cvelistv5 – Published: 2024-02-22 00:00 – Updated: 2025-04-22 16:22
VLAI?
Summary
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26483",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:29:31.596303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:22:51.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T04:10:51.511Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4"
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26483",
"datePublished": "2024-02-22T00:00:00.000Z",
"dateReserved": "2024-02-19T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:22:51.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-65012 (GCVE-0-2025-65012)
Vulnerability from nvd – Published: 2025-11-18 22:44 – Updated: 2025-11-19 17:06
VLAI?
Summary
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Changes" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T17:06:09.917341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T17:06:24.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the \"Changes\" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T22:44:11.989Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-84hf-8gh5-575j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-84hf-8gh5-575j"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/5.1.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/5.1.4"
}
],
"source": {
"advisory": "GHSA-84hf-8gh5-575j",
"discovery": "UNKNOWN"
},
"title": "Kirby CMS has cross-site scripting (XSS) in the changes dialog"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65012",
"datePublished": "2025-11-18T22:44:11.989Z",
"dateReserved": "2025-11-13T15:36:51.679Z",
"dateUpdated": "2025-11-19T17:06:24.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31493 (GCVE-0-2025-31493)
Vulnerability from nvd – Published: 2025-05-13 15:24 – Updated: 2025-05-13 19:08
VLAI?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:08:28.624462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:08:37.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.8.3"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby-\u003ecollection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby-\u003ecollection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection(\u0027tags-\u0027 . get(\u0027tags\u0027))`. It generally also requires knowledge of the site structure and the server\u0027s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:24:40.178Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-x275-h9j4-7p4h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-x275-h9j4-7p4h"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/4.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
}
],
"source": {
"advisory": "GHSA-x275-h9j4-7p4h",
"discovery": "UNKNOWN"
},
"title": "Path traversal of collection names during file system lookup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-31493",
"datePublished": "2025-05-13T15:24:40.178Z",
"dateReserved": "2025-03-28T13:36:51.298Z",
"dateUpdated": "2025-05-13T19:08:37.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30207 (GCVE-0-2025-30207)
Vulnerability from nvd – Published: 2025-05-13 15:20 – Updated: 2025-05-13 19:37
VLAI?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby's router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:36:16.796341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:37:09.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.8.3"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP\u0027s built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby\u0027s router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:20:00.707Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-9p3p-w5jf-8xxg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-9p3p-w5jf-8xxg"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/4.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
}
],
"source": {
"advisory": "GHSA-9p3p-w5jf-8xxg",
"discovery": "UNKNOWN"
},
"title": "Kirby vulnerable to path traversal in the router for PHP\u0027s built-in server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30207",
"datePublished": "2025-05-13T15:20:00.707Z",
"dateReserved": "2025-03-18T18:15:13.849Z",
"dateUpdated": "2025-05-13T19:37:09.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30159 (GCVE-0-2025-30159)
Vulnerability from nvd – Published: 2025-05-13 15:07 – Updated: 2025-05-13 19:46
VLAI?
Summary
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:44:40.658114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:46:41.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.8.3"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.2"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby-\u003esnippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby-\u003esnippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet(\u0027tags-\u0027 . get(\u0027tags\u0027))`. It generally also requires knowledge of the site structure and the server\u0027s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:07:02.920Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-fw82-87p8-v6hp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-fw82-87p8-v6hp"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.10.1.2"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/3.9.8.3"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/4.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/releases/tag/4.7.1"
}
],
"source": {
"advisory": "GHSA-fw82-87p8-v6hp",
"discovery": "UNKNOWN"
},
"title": "Kirby vulnerable to path traversal of snippet names in the `snippet()` helper"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30159",
"datePublished": "2025-05-13T15:07:02.920Z",
"dateReserved": "2025-03-17T12:41:42.566Z",
"dateUpdated": "2025-05-13T19:46:41.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41964 (GCVE-0-2024-41964)
Vulnerability from nvd – Published: 2024-08-29 16:19 – Updated: 2024-08-29 16:36
VLAI?
Summary
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T16:35:56.160679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T16:36:08.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.6.6"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.5.5"
},
{
"status": "affected",
"version": "\u003e= 3.8.0, \u003c 3.8.4.4"
},
{
"status": "affected",
"version": "\u003e= 3.9.0, \u003c 3.9.8.2"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.1.1"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby\u0027s frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T16:19:21.676Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh"
},
{
"name": "https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23"
}
],
"source": {
"advisory": "GHSA-jm9m-rqr3-wfmh",
"discovery": "UNKNOWN"
},
"title": "Insufficient permission checks in the language settings in Kirby CMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41964",
"datePublished": "2024-08-29T16:19:21.676Z",
"dateReserved": "2024-07-24T16:51:40.952Z",
"dateUpdated": "2024-08-29T16:36:08.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27087 (GCVE-0-2024-27087)
Vulnerability from nvd – Published: 2024-02-26 16:44 – Updated: 2024-08-02 00:27
VLAI?
Summary
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-26T19:25:25.604500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:00.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:57.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"
},
{
"name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don\u0027t fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-26T16:44:31.105Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4"
},
{
"name": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437"
}
],
"source": {
"advisory": "GHSA-63h4-w25c-3qv4",
"discovery": "UNKNOWN"
},
"title": "Kirby cross-site scripting (XSS) in the link field \"Custom\" type"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27087",
"datePublished": "2024-02-26T16:44:31.105Z",
"dateReserved": "2024-02-19T14:43:05.992Z",
"dateUpdated": "2024-08-02T00:27:57.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26484 (GCVE-0-2024-26484)
Vulnerability from nvd – Published: 2024-02-22 00:00 – Updated: 2024-08-26 18:57
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Stored-Cross-Site-Scripting-153b4eb557a2488188ad8167734ca226?pvs=4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/getkirby/demokit/commit/d4877a6715cbf6517cb04ff57798851ffbd0cd7e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26484",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T14:59:49.488049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:57:24.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor\u0027s position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T06:59:33.866297",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Stored-Cross-Site-Scripting-153b4eb557a2488188ad8167734ca226?pvs=4"
},
{
"url": "https://github.com/getkirby/demokit/commit/d4877a6715cbf6517cb04ff57798851ffbd0cd7e"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26484",
"datePublished": "2024-02-22T00:00:00",
"dateReserved": "2024-02-19T00:00:00",
"dateUpdated": "2024-08-26T18:57:24.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26481 (GCVE-0-2024-26481)
Vulnerability from nvd – Published: 2024-02-22 00:00 – Updated: 2024-08-14 19:53
VLAI?
Summary
Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.
Severity ?
4.7 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:getkirby:kirby:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kirby",
"vendor": "getkirby",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26481",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:20:43.012523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:53:55.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T04:10:01.080497",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4"
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26481",
"datePublished": "2024-02-22T00:00:00",
"dateReserved": "2024-02-19T00:00:00",
"dateUpdated": "2024-08-14T19:53:55.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26482 (GCVE-0-2024-26482)
Vulnerability from nvd – Published: 2024-02-22 00:00 – Updated: 2024-08-29 18:01
VLAI?
Summary
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.
Severity ?
7.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kirby:kirby_cms:4.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kirby_cms",
"vendor": "kirby",
"versions": [
{
"status": "affected",
"version": "4.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:59:02.052210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:01:13.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter\u0027s mentioned \"injecting malicious scripts\" would not occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-26T18:41:44.083411",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26482",
"datePublished": "2024-02-22T00:00:00",
"dateReserved": "2024-02-19T00:00:00",
"dateUpdated": "2024-08-29T18:01:13.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26483 (GCVE-0-2024-26483)
Vulnerability from nvd – Published: 2024-02-22 00:00 – Updated: 2025-04-22 16:22
VLAI?
Summary
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26483",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:29:31.596303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:22:51.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T04:10:51.511Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4"
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-26483",
"datePublished": "2024-02-22T00:00:00.000Z",
"dateReserved": "2024-02-19T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:22:51.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}