Lucene search

GitHub Advisory DatabaseGHSA-275C-V3RC-XGHX

HistoryMay 14, 2022 - 12:55 a.m.

Kirby XSS Vulnerability

2022-05-1400:55:16

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

svg

content file

security

vulnerability

kirby panel

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.8%

JSON

A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.

Affected configurations

Vulners

Node

getkirbykirbyRange<2.5.7

getkirbykirbyRange<2.4.2

getkirbykirbyRange<2.3.3

VendorProductVersionCPE
getkirbykirby*cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
getkirby	kirby	*	cpe:2.3:a:getkirby:kirby::::::::

References

getkirby.com/changelog/kirby-2-5-7

github.com/advisories/GHSA-275c-v3rc-xghx

nvd.nist.gov/vuln/detail/CVE-2017-16807

packetstormsecurity.com/files/144965/KirbyCMS-Cross-Site-Scripting.html

www.exploit-db.com/exploits/43140/

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.8%

JSON

Related for GHSA-275C-V3RC-XGHX