Search Results | AttackerKB

7 Total Results

Displaying 1-7 of 7

Attacker Value

Unknown

CVE-2018-14520

Disclosure Date: August 24, 2022 (last updated October 08, 2023)

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.

Attacker Value

Unknown

CVE-2018-14519

Disclosure Date: August 24, 2022 (last updated October 08, 2023)

An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2018-16623

Disclosure Date: May 13, 2019 (last updated November 27, 2024)

Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.

Attacker Value

Unknown

CVE-2018-16624

Disclosure Date: May 13, 2019 (last updated November 27, 2024)

panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.

Attacker Value

Unknown

CVE-2018-16630

Disclosure Date: December 28, 2018 (last updated November 27, 2024)

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.

Attacker Value

Unknown

CVE-2018-16627

Disclosure Date: December 20, 2018 (last updated November 27, 2024)

panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.

Attacker Value

Unknown

CVE-2018-16628

Disclosure Date: December 04, 2018 (last updated November 27, 2024)

panel/login in Kirby v2.5.12 allows XSS via a blog name.

7 Total Results

Displaying 1-7 of 7

Unknown

CVE-2018-14520

Unknown

CVE-2018-14519

Unknown

CVE-2018-16623

Unknown

CVE-2018-16624

Unknown

CVE-2018-16630

Unknown

CVE-2018-16627

Unknown

CVE-2018-16628

Quick Cookie Notification