PT-2023-21841 · Unknown · Fluid Components

Name of the Vulnerable Software and Affected Versions: fluid components extension versions prior to 3.5.0 Description: The issue allows Cross-Site Scripting XSS via a component argument parameter, specifically in certain content use cases that may be edge cases. All versions of the Fluid Componen...

GHSA-RV3R-VQJJ-8C76 Cross-site scripting from content entered in the tags and multiselect fields

Introduction Cross-site scripting XSS is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...