2 matches found
CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
CVE-2022-36037
CVE-2022-36037 describes a cross-site scripting (XSS) flaw in Kirby CMS related to the Panel’s multiselect field. The vulnerability arises because Kirby 3.5 used HTML rendering for the raw option value, allowing attackers who can influence the options source (e.g., content of sibling pages or an ...