CVE-2025-65012
Chinese title:
(No data available)
English title:
Kirby CMS has cross-site scripting (XSS) in the changes dialog
Vulnerability description
Chinese description:
(No data available)
English description:
Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Changes" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| getkirby | kirby | >= 5.0.0, < 5.1.4 | - | - | cpe:2.3:a:getkirby:kirby:>=_5.0.0,_<_5.1.4:*:*:*:*:*:*:* |
| getkirby | kirby | * | - | - | cpe:2.3:a:getkirby:kirby:*:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Workaround:
CVSS score details
4.0 (cna)
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-65012 | 2025-11-21 02:02:47 | 2026-01-12 02:12:21 |
| NVD | nvd_CVE-2025-65012 | 2025-11-27 03:28:48 | 2026-01-12 02:28:01 |
Version and language
Security advisories
Change history
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']