Plynatwara

**Name of the Vulnerable Software and Affected Versions** CoreShop versions prior to 4.1.8 **Description** CoreShop is a Pimcore enhanced eCommerce solution. A blind SQL injection exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. **Recommendations** Update CoreShop to version 4.1.8 or later.

**Name of the Vulnerable Software and Affected Versions** Kirby versions prior to 4.1.1 **Description** Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the `javascript:` URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This issue can lead to cross-site scripting (XSS) attacks, which can trigger requests to Kirby's API with the permissions of the victim, potentially escalating privileges if an attacker gains access to the Panel session of an admin user. **Recommendations** For versions prior to 4.1.1, update to Kirby 4.1.1 or a later version to fix the vulnerability. As a temporary workaround, consider disabling the "Custom" link type or adding additional validation to prevent the execution of arbitrary JavaScript code. Restrict access to the link field to minimize the risk of exploitation. If you limit the acceptable link types with the `options` field property, you are already protected.

**Name of the Vulnerable Software and Affected Versions** Kirby CMS version 4.1.0 **Description** A reflected self-XSS vulnerability was discovered in Kirby CMS via the URL parameter. This issue can be exploited when a user is tricked into executing malicious JavaScript code within their own context, often through social engineering techniques. The vulnerability is limited to self-XSS and cannot directly affect other users or visitors of the site. A successful attack commonly requires knowledge of the content structure by the attacker as well as social engineering of a user with access to the Panel. **Recommendations** To resolve the issue, update to one of the following versions or a later version: Kirby 3.6.6.5, Kirby 3.7.5.4, Kirby 3.8.4.3, Kirby 3.9.8.1, Kirby 3.10.0.1, or Kirby 4.1.1. As a temporary workaround, consider avoiding the use of the URL field in any blueprint until a patch is available. Restrict access to the Panel to minimize the risk of exploitation. Avoid using the `javascript:` URL in the link target of the link button to prevent malicious code execution.

**Name of the Vulnerable Software and Affected Versions** Kirby CMS version 4.1.0 **Description** The issue is related to an arbitrary file upload vulnerability in the Profile Image module, allowing attackers to execute arbitrary code via a crafted PDF file. This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. The attack requires user interaction by another user or visitor and cannot be automated. The vulnerability can be abused to upload unexpected file types, such as PDFs, which could make it possible to perform cross-site scripting (XSS) attacks. **Recommendations** For Kirby CMS version 4.1.0, update to version 4.1.1 or a later version to fix the vulnerability. This update includes validations that prevent any files that don't have an image file extension or MIME type from being uploaded as a user avatar. As a temporary workaround, consider restricting access to the Profile Image module to minimize the risk of exploitation. Avoid using the module to upload files other than images until the issue is resolved.