CVE-2026-45368 Kirby: Cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend
Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the KirbyTags and image blocks components did not filter out malicious URL values that resolve to script execution. The vulnerability affects four first-party Kirby renderers th...