XSS in Getkirby Kirby

CVE-2026-44175

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting (XSS). Kirby's list field stores…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References