Skip to content

Kirby CMS HTML injection vulnerability

Moderate severity GitHub Reviewed Published Feb 22, 2024 to the GitHub Advisory Database • Updated Feb 26, 2024

Package

composer getkirby/cms (Composer)

Affected versions

<= 4.1.0

Patched versions

None

Description

An HTML injection vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted payload.

References

Published by the National Vulnerability Database Feb 22, 2024
Published to the GitHub Advisory Database Feb 22, 2024
Reviewed Feb 26, 2024
Last updated Feb 26, 2024

Severity

Moderate

Weaknesses

No CWEs

CVE ID

CVE-2024-26482

GHSA ID

GHSA-qv4x-v2v4-f8p9

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.