2 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of links in KirbyTags and image blocks in the site frontend when untrusted user input is processed. An attacker can execute arbitrary JavaScript code in the context of site visitors or logged-i...
PT-2026-44155
TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...