getkirby/cms Security Advisories for 4.0.0-alpha.4 (4)
-
[MEDIUM] Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
PKSA-y4dk-fxrr-rv4m CVE-2024-27087 GHSA-63h4-w25c-3qv4
Affected version: >=4.0.0,<4.1.1
Reported by:
GitHub -
[MEDIUM] Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
PKSA-sz76-zpcd-hvzc CVE-2024-26481 GHSA-57f2-8p89-66x6
Affected version: >=4.0.0,<=4.1.0|=3.10.0|>=3.9.0,<=3.9.8|>=3.8.0,<=3.8.4.2|>=3.7.0,<=3.7.5.3|<=3.6.6.4
Reported by:
GitHub -
[MEDIUM] Kirby vulnerable to unrestricted file upload of user avatar images
PKSA-yxtp-sp4n-y3tf CVE-2024-26483 GHSA-xrvh-rvc4-5m43
Affected version: >=4.0.0,<=4.1.0|=3.10.0|>=3.9.0,<=3.9.8|>=3.8.0,<=3.8.4.2|>=3.7.0,<=3.7.5.3|<=3.6.6.4
Reported by:
GitHub -
[MEDIUM] Kirby CMS HTML injection vulnerability
PKSA-x371-65jb-pv6y CVE-2024-26482 GHSA-qv4x-v2v4-f8p9
Affected version: <=4.1.0
Reported by:
GitHub