XSS in Getkirby Kirby
CVE-2026-45368
Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the KirbyTags and image blocks components did not filter out malicious URL values that resolve to script execution. The…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Getkirby Kirby — versions < 4.9.1, >= 5.0.0, < 5.4.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)