Lucene search
K

5 matches found

Cvelist
Cvelist
added yesterday5 views

CVE-2026-54002 Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS
Exploits0References7
CVE
CVE
added yesterday20 views

CVE-2026-54002

Kirby CMS is affected by an XSS issue (CVE-2026-54002) in earlier releases. The vulnerability arises when untrusted input is processed by Dom::sanitize() and related sanitization helpers (Sane::sanitize, SaneHtml/SaneSvg/SaneXml, Sane::sanitizeFile, and file sanitizeContents), or when writer/list...

8.5CVSS5.5AI score
Exploits0References7
Snyk
Snyk
added 2026/06/18 3:4 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Dom::sanitize function. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious markup as children of unknown HTML/XML tags, which are not properly sanitize...

8.5CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/18 3:4 p.m.13 views

Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`

TL;DR This vulnerability affects Kirby sites and plugins that use the writer or list fields or that use $dom-sanitize, Sane::sanitize, Sane\Html::sanitize, Sane\Svg::sanitize, Sane\Xml::sanitize, Sane::sanitizeFile or $file-sanitizeContents with untrusted input. It was possible to inject maliciou...

8.5CVSS5.3AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50723

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites and plugins that process untrusted input using the writer or list fields, or specific sanitization methods, are subject to stored cross-site scripting XSS. XSS...

8.5CVSS6AI score
Exploits0References10
Rows per page
Query Builder