Known Vulnerabilities for products from Getkirby
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Getkirby".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-29905 json | Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) ... | Not Provided | 2026-03-26 | 2026-04-02 |
| CVE-2023-38492 json | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affe... | 7.5 - HIGH | 2023-07-27 | 2023-08-03 |
| CVE-2023-38491 json | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affe... | 5.4 - MEDIUM | 2023-07-27 | 2023-08-03 |
| CVE-2023-38490 json | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only... | 10 - CRITICAL | 2023-07-27 | 2023-08-03 |
| CVE-2023-38489 json | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affe... | 7.3 - HIGH | 2023-07-27 | 2023-08-03 |
| CVE-2023-38488 json | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affe... | 8.8 - HIGH | 2023-07-27 | 2023-08-03 |
| CVE-2022-39315 json | Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerabilit... | 5.3 - MEDIUM | 2022-10-25 | 2023-07-14 |
| CVE-2022-39314 json | Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due... | 3.7 - LOW | 2022-10-24 | 2022-10-25 |
| CVE-2022-36037 json | kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interfac... | 5.4 - MEDIUM | 2022-08-29 | 2022-09-07 |
| CVE-2022-35174 json | A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web sc... | 5.4 - MEDIUM | 2022-08-18 | 2022-08-18 |
| CVE-2021-41258 json | Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block.... | 5.4 - MEDIUM | 2021-11-16 | 2021-11-18 |
| CVE-2021-41252 json | Kirby is an open source file structured CMS ### Impact Kirby's writer field stores its formatted content as HTML code. Unlike... | 5.4 - MEDIUM | 2021-11-16 | 2021-11-18 |
| CVE-2021-32735 json | Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pa... | 5.4 - MEDIUM | 2021-07-02 | 2021-07-06 |
| CVE-2021-29460 json | Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful cont... | 5.4 - MEDIUM | 2021-04-27 | 2021-05-07 |
| CVE-2020-26255 json | Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full... | 9.1 - CRITICAL | 2020-12-08 | 2020-12-10 |
| CVE-2020-26253 json | Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerabil... | 5.9 - MEDIUM | 2020-12-08 | 2020-12-08 |
| CVE-2018-16630 json | Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | 4.8 - MEDIUM | 2018-12-28 | 2019-02-26 |
| CVE-2018-16628 json | panel/login in Kirby v2.5.12 allows XSS via a blog name. | 5.4 - MEDIUM | 2018-12-04 | 2019-02-26 |
| CVE-2018-16627 json | panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | 6.1 - MEDIUM | 2018-12-20 | 2019-02-26 |
| CVE-2018-16624 json | panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. | 5.4 - MEDIUM | 2019-05-13 | 2019-05-13 |