Lucene search

GitHub Advisory DatabaseGHSA-H3W2-QG2R-C7MF

HistoryAug 25, 2022 - 12:00 a.m.

Kirby CMS 2.5.12 Cross-site Scripting

2022-08-2500:00:25

CWE-79

GitHub Advisory Database

github.com

kirby cms

cross-site scripting

malicious http requests

user trick

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.1%

JSON

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.

Affected configurations

Vulners

Node

getkirbykirbyRange≤2.5.12

VendorProductVersionCPE
getkirbykirby*cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
getkirby	kirby	*	cpe:2.3:a:getkirby:kirby::::::::

References

zaranshaikh.blogspot.com/2018/07/cross-site-request-forgery-kirby-cms.html

github.com/advisories/GHSA-h3w2-qg2r-c7mf

nvd.nist.gov/vuln/detail/CVE-2018-14520

www.exploit-db.com/exploits/45068