Lucene search

K
nvd[email protected]NVD:CVE-2024-26484
HistoryFeb 22, 2024 - 5:15 a.m.

CVE-2024-26484

2024-02-2205:15:10
web.nvd.nist.gov
cross-site scripting
web security
cve-2024-26484
kirby cms
demo site

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor’s position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

Related for NVD:CVE-2024-26484