Vulnerabilities > Getkirby > Kirby > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-08 | CVE-2020-26253 | Origin Validation Error vulnerability in Getkirby Kirby Kirby is a CMS. | 5.9 |
| 2019-05-13 | CVE-2018-16624 | Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12 panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. | 5.4 |
| 2019-05-13 | CVE-2018-16623 | Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12 Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. | 4.8 |
| 2018-12-28 | CVE-2018-16630 | Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12 Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | 4.8 |
| 2018-12-20 | CVE-2018-16627 | Injection vulnerability in Getkirby Kirby 2.5.12 panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | 6.1 |
| 2018-12-04 | CVE-2018-16628 | Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12 panel/login in Kirby v2.5.12 allows XSS via a blog name. | 5.4 |