3 matches found
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26484
Kirby CMS 4.1.0 has a stored XSS in the Edit Content Layout module, exploitable via crafted payload in the Link field. Root cause: lack of proper filtering/escaping in the Link field. Impact described in sources as potentially arbitrary web script execution; however, vendor notes the issue did no...