Описание
Kirby XSS Vulnerability
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
Пакеты
Наименование
getkirby/cms
composer
Затронутые версииВерсия исправления
< 2.3.3
2.3.3
Наименование
getkirby/cms
composer
Затронутые версииВерсия исправления
>= 2.4, < 2.4.2
2.4.2
Наименование
getkirby/cms
composer
Затронутые версииВерсия исправления
>= 2.5, < 2.5.7
2.5.7
Связанные уязвимости
CVSS3: 5.4
nvd
почти 8 лет назад
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.