A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| getkirby/cms(Packagist) | 0 | 2.3.3 | N/A |
| getkirby/cms(Packagist) | 2.4 | 2.4.2 | N/A |
| getkirby/cms(Packagist) | 2.5 | 2.5.7 | N/A |
CVSS Metrics
