CVE-2018-16630
Kirby CMS, version 2.5.12, is affected by a Cross‑Site Scripting (XSS) vulnerability involving the Upload SVG option in the “site files” feature. The issue arises from insufficient validation when uploading SVG files, enabling attacker‑supplied SVG content to be processed in a way that triggers X...