Lucene search
K

5 matches found

CVE
CVE
added yesterday13 views

CVE-2026-49276

Kirby CMS contains a self-XSS vulnerability (CVE-2026-49276) in the writer field used by any blueprint. In affected releases, a scripting link could be placed as the target of a link or email link in writer mark components, allowing the attacker to trigger JavaScript execution in the authenticate...

7.4CVSS5.8AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-49276

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and...

7.4CVSS5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 3:4 p.m.8 views

Kirby: Self cross-site scripting (self-XSS) in the writer field

TL;DR This vulnerability affects Kirby sites that use the writer field in any blueprint. It was possible to include a scripting link as the target of a link or email link. This link target would then be clickable by the user who entered it. A successful attack commonly requires knowledge of the...

7.4CVSS5.4AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.13 views

PT-2026-50721

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites using the writer field in any blueprint are susceptible to cross-site scripting XSS. The link and email marks within the writer components fail to prevent the...

7.4CVSS5.9AI score
Exploits0References6
Veracode
Veracode
added 2021/11/17 5:43 a.m.21 views

Cross-site Scripting (XSS)

getkirby/kirby is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of writer field sanitization, allowing an attacker to execute malicious javascript in the browser...

7.3CVSS5.6AI score0.00898EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder