Getkirby Kirby Vulnerabilities

Arbitrary Content Modification in Kirby CMS by GetKirby

CVE-2025-65012

GetkirbyKirby5.1MEDIUM

Path Traversal Vulnerability in Kirby Content Management System

CVE-2025-31493

GetkirbyKirby6.3MEDIUM

Path Traversal Vulnerability in Kirby CMS Affects Local Development Setups

CVE-2025-30207

GetkirbyKirby2.3LOW

Path Traversal Vulnerability in Kirby Content Management System

CVE-2025-30159

GetkirbyKirby6.3MEDIUM

Insufficient Permission Checks in Kirby CMS Allow Language Manipulation

CVE-2024-41964

GetkirbyKirby8.1HIGH

Kirby Link Field Vulnerability Could Lead to Arbitrary JavaScript Execution

CVE-2024-27087

GetkirbyKirby5.4MEDIUM

Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

CVE-2023-38491

GetkirbyKirby5.7MEDIUM

Kirby vulnerable to denial of service from unlimited password lengths

CVE-2023-38492

GetkirbyKirby5.3MEDIUM

Kirby vulnerable to field injection in the KirbyData text storage handler

CVE-2023-38488

GetkirbyKirby7.1HIGH

Kirby vulnerable to Insufficient Session Expiration after a password change

CVE-2023-38489

getkirbykirby7.3HIGH

Kirby XML External Entity (XXE) vulnerability in the XML data handler

CVE-2023-38490

GetkirbyKirby👾🟡6.8MEDIUM

Kirby CMS vulnerable to user enumeration in the brute force protection

CVE-2022-39315

GetkirbyKirby6.5MEDIUM

User enumeration in the code-based login and password reset forms

CVE-2022-39314

GetkirbyKirby4.8MEDIUM

Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby

CVE-2022-36037

GetkirbyKirby5.9MEDIUM

CSRF Vulnerability in Kirby CMS by Kirby, Inc.

CVE-2018-14519

GetkirbyKirby4.3MEDIUM

Cross-Site Request Forgery Vulnerability in Kirby CMS

CVE-2018-14520

GetkirbyKirby👾🟡5.4MEDIUM

Cross-site scripting (XSS) from image block content in the site frontend

CVE-2021-41258

GetkirbyKirby7.3HIGH

Cross-site scripting (XSS) from writer field content in the site frontend

CVE-2021-41252

GetkirbyKirby7.3HIGH

Cross-site scripting (XSS) from field and configuration text displayed in the Panel

CVE-2021-32735

GetkirbyKirby7.1HIGH

Cross-site scripting (XSS) from unsanitized uploaded SVG files

CVE-2021-29460

GetkirbyKirby7.6HIGH

PHP Phar archives could be uploaded and executed in Kirby

CVE-2020-26255

GetkirbyKirby6.8MEDIUM

.dev domains treated as local in Kirby

CVE-2020-26253

GetkirbyKirby6.8MEDIUM

Persistent XSS Vulnerability in Kirby Content Management System

CVE-2018-16623

GetkirbyKirby4.8MEDIUM

Cross-Site Scripting Vulnerability in Kirby CMS by Get Kirby

CVE-2018-16624

GetkirbyKirby5.4MEDIUM

Cross-Site Scripting Vulnerability in Kirby by Get Kirby

CVE-2018-16630

GetkirbyKirby4.8MEDIUM

Vulnerability Published:

Sort By:

18 November 2025

Arbitrary Content Modification in Kirby CMS by GetKirby

13 May 2025

Path Traversal Vulnerability in Kirby Content Management System

Path Traversal Vulnerability in Kirby CMS Affects Local Development Setups

Path Traversal Vulnerability in Kirby Content Management System

29 August 2024

Insufficient Permission Checks in Kirby CMS Allow Language Manipulation

26 February 2024

Kirby Link Field Vulnerability Could Lead to Arbitrary JavaScript Execution

27 July 2023

Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

Kirby vulnerable to denial of service from unlimited password lengths

Kirby vulnerable to field injection in the KirbyData text storage handler

Kirby vulnerable to Insufficient Session Expiration after a password change

Kirby XML External Entity (XXE) vulnerability in the XML data handler

25 October 2022

Kirby CMS vulnerable to user enumeration in the brute force protection

24 October 2022

User enumeration in the code-based login and password reset forms

29 August 2022

Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby

24 August 2022

CSRF Vulnerability in Kirby CMS by Kirby, Inc.

Cross-Site Request Forgery Vulnerability in Kirby CMS

16 November 2021

Cross-site scripting (XSS) from image block content in the site frontend

Cross-site scripting (XSS) from writer field content in the site frontend

2 July 2021

Cross-site scripting (XSS) from field and configuration text displayed in the Panel

27 April 2021

Cross-site scripting (XSS) from unsanitized uploaded SVG files

8 December 2020

PHP Phar archives could be uploaded and executed in Kirby

.dev domains treated as local in Kirby

13 May 2019

Persistent XSS Vulnerability in Kirby Content Management System

Cross-Site Scripting Vulnerability in Kirby CMS by Get Kirby

28 December 2018

Cross-Site Scripting Vulnerability in Kirby by Get Kirby