GHSA-X5MR-P6V4-WP93 Field injection in the KirbyData text storage handler

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file e.g. via a contact or comment form. Your Kirby sites are not affected if they don't allow write access for...

XML External Entity (XXE) vulnerability in the XML data handler

TL;DR This vulnerability only affects Kirby sites that use the Xml data handler e.g. Data::decode$string, 'xml' or the Xml::parse method in site or plugin code. The Kirby core does not use any of the affected methods. If you use an affected method and cannot rule out XML input controlled by an...