XSS in Getkirby Kirby
CVE-2026-44175
Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting (XSS). Kirby's list field stores…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Getkirby Kirby — versions < 4.9.1, >= 5.0.0, < 5.4.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)