Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2024-27087 First vendor Publication 2024-02-26
Vendor Cve Last vendor Modification 2024-12-31

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Overall CVSS Score 5.4
Base Score 5.4 Environmental Score 5.4
impact SubScore 2.7 Temporal Score 5.4
Exploitabality Sub Score 2.3
 
Attack Vector Network Attack Complexity Low
Privileges Required Low User Interaction Required
Scope Changed Confidentiality Impact Low
Integrity Impact Low Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27087

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

Sources (Detail)

https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c68...
https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-12-31 21:21:00
  • Multiple Updates
2024-11-25 09:26:47
  • Multiple Updates
2024-02-27 00:27:24
  • Multiple Updates
2024-02-26 21:27:25
  • First insertion