2 matches found
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
TL;DR This vulnerability affects Kirby sites that use the URL field in any blueprint. A successful attack commonly requires knowledge of the content structure by the attacker as well as social engineering of a user with access to the Panel. The attack cannot be automated. The vulnerability is als...
Cross-site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting. The library does not properly escape HTML special characters, allowing an attacker to inject and execute malicious javascript. test...