5 matches found
CVE-2026-54002 Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...
CVE-2026-54002
Kirby CMS is affected by an XSS issue (CVE-2026-54002) in earlier releases. The vulnerability arises when untrusted input is processed by Dom::sanitize() and related sanitization helpers (Sane::sanitize, SaneHtml/SaneSvg/SaneXml, Sane::sanitizeFile, and file sanitizeContents), or when writer/list...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Dom::sanitize function. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious markup as children of unknown HTML/XML tags, which are not properly sanitize...
Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`
TL;DR This vulnerability affects Kirby sites and plugins that use the writer or list fields or that use $dom-sanitize, Sane::sanitize, Sane\Html::sanitize, Sane\Svg::sanitize, Sane\Xml::sanitize, Sane::sanitizeFile or $file-sanitizeContents with untrusted input. It was possible to inject maliciou...
PT-2026-50723
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites and plugins that process untrusted input using the writer or list fields, or specific sanitization methods, are subject to stored cross-site scripting XSS. XSS...