Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2017-16807

A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.

  • Published: Nov 13, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-16807
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
getkirby / panel - 2.3.3
getkirby / panel 2.4.0 2.4.2
getkirby / panel 2.5.0 2.5.7