XSS in Getkirby Kirby

CVE-2026-54002

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize(), Sane::sanitize(), Sane::Html::sanitize(), Sane::Svg::sanitize(), Sane::Xml::sa…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References