2 matches found
CVE-2021-29460
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in ...
CVE-2021-32735
Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's ListItem component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can es...