PT-2018-13657 · Kirby · Kirby
Published
2018-12-28
·
Updated
2022-05-14
·
CVE-2018-16630
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Kirby version 2.5.12
Description
The issue allows for XSS by utilizing the site files Add option to upload an SVG file.
Recommendations
For version 2.5.12, avoid using the Add option in site files to upload SVG files until a fix is available. Consider restricting access to the file upload feature to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kirby