3 matches found
CVE-2021-41258
Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML special characters to protect against...
CVE-2021-41258 Cross-site scripting (XSS) from image block content in the site frontend
Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML special characters to protect against...
CVE-2021-41258
Kirby CVE-2021-41258 is a cross-site scripting (XSS) issue in Kirby’s blocks image output. The default image block snippet failed to escape HTML, allowing malicious code in source/alt/link fields to run in visitors’ browsers. Exploitation requires the attacker to be in the same authenticated Pane...