2 matches found
CVE-2021-41252
Kirby CMS vulnerability CVE-2021-41252 affects the writer field in Kirby’s site frontend: unsanitized HTML content can be injected and executed as XSS when a logged-in Panel user saves content via the API. The issue stems from inadequate escaping of HTML in the writer field, enabling malicious HT...
CVE-2021-41252 Cross-site scripting (XSS) from writer field content in the site frontend
Kirby is an open source file structured CMS Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting XSS attacks, otherwise the formatting would be lost. If the user is...