Lucene search
+L

8 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-45368

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the KirbyTags and image blocks components did not filter out malicious URL values that resolve to script execution. The vulnerability affects four first-party Kirby renderers th...

8.4CVSS0.00334EPSS
Exploits0References2
CVE
CVE
added 2 days ago27 views

CVE-2026-45368

Kirby CMS is affected in versions prior to 4.9.1 and 5.4.1 by an XSS in URL handling for several first‑party renderers that emit : the (link: …) KirbyTag, the link parameter of (image: …), the image block's link field, and the HTML importer for blocks. The underlying issue does not filter dangero...

8.4CVSS6.1AI score0.00334EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 5:42 p.m.8 views

GHSA-QVJF-922G-PJ44 Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend

TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...

8.4CVSS5.9AI score0.00334EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/27 5:42 p.m.12 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of links in KirbyTags and image blocks in the site frontend when untrusted user input is processed. An attacker can execute arbitrary JavaScript code in the context of site visitors or logged-i...

8.4CVSS5.8AI score0.00334EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 5:42 p.m.19 views

Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend

TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...

8.4CVSS5.9AI score0.00334EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.11 views

CVE-2026-32040

OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exporter that allows attackers to execute arbitrary javascript by injecting malicious mimeType values in image content blocks. Attackers can craft session entries with specially crafted mimeType...

6.1CVSS5.9AI score0.00148EPSS
Exploits1References1
NVD
NVD
added 2026/03/19 10:16 p.m.5 views

CVE-2026-32040

OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exporter that allows attackers to execute arbitrary javascript by injecting malicious mimeType values in image content blocks. Attackers can craft session entries with specially crafted mimeType...

6.1CVSS0.00148EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.3 views

CVE-2026-32040

OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exporter that allows attackers to execute arbitrary javascript by injecting malicious mimeType values in image content blocks. Attackers can craft session entries with specially crafted mimeType...

4.6CVSS5.9AI score0.00148EPSS
Exploits1References4
Rows per page
Query Builder