CVE-2017-16807

Published: Nov 13, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.

Affected (3)

Products: Getkirby: Panel

Getkirby

1 product

Panel

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Getkirby Panel	Before 2.3.3
Getkirby Panel	From 2.4.0 to 2.4.2
Getkirby Panel	From 2.5.0 to 2.5.7

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://getkirby.com/changelog/kirby-2-5-7

Source: cve@mitre.org

Broken Link

https://packetstormsecurity.com/files/144965/KirbyCMS-Cross-Site-Scripting.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/43140/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://getkirby.com/changelog/kirby-2-5-7

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://packetstormsecurity.com/files/144965/KirbyCMS-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/43140/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.