XSS in Getkirby Kirby

CVE-2026-45368

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the KirbyTags and image blocks components did not filter out malicious URL values that resolve to script execution. The…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References