4 matches found
CVE-2026-49276
Kirby CMS contains a self-XSS vulnerability (CVE-2026-49276) in the writer field used by any blueprint. In affected releases, a scripting link could be placed as the target of a link or email link in writer mark components, allowing the attacker to trigger JavaScript execution in the authenticate...
Kirby: Self cross-site scripting (self-XSS) in the writer field
TL;DR This vulnerability affects Kirby sites that use the writer field in any blueprint. It was possible to include a scripting link as the target of a link or email link. This link target would then be clickable by the user who entered it. A successful attack commonly requires knowledge of the...
PT-2026-50721
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites using the writer field in any blueprint are susceptible to cross-site scripting XSS. The link and email marks within the writer components fail to prevent the...
Cross-site Scripting (XSS)
getkirby/kirby is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of writer field sanitization, allowing an attacker to execute malicious javascript in the browser...