What is CVE-2021-32735?

CVE-2021-32735 is a high-severity vulnerability in Getkirby Kirby, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 7.1/10. Published 2021-07-02.

How severe is CVE-2021-32735?

High severity. CVSS v3 base score is 7.1 out of 10.

XSS in Getkirby Kirby

CVE-2021-32735

Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scrip…

EPSS: 0.004 (60.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Getkirby Kirby — versions <= 3.5.5, <= 3.5.6

Weakness classification (CWE)

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

github.com/getkirby/kirby/security/advisories/GHSA-2f2w-349x-vrqm (x_refsource_CONFIRM)
github.com/getkirby/kirby/releases/tag/3.5.7 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32735?: CVE-2021-32735 is a high-severity vulnerability in Getkirby Kirby, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 7.1/10. Published 2021-07-02.
How severe is CVE-2021-32735?: High severity. CVSS v3 base score is 7.1 out of 10.