Stored Cross-Site Scripting in Kirby Content Management System
CVE-2026-54002
8.5HIGH
What is CVE-2026-54002?
The Kirby Content Management System is susceptible to a stored cross-site scripting vulnerability when utilizing certain fields or sanitization functions. Malicious users can exploit this flaw to inject harmful markup through untrusted input, allowing it to bypass normal sanitation checks and potentially execute scripts on user browsers. This issue has been addressed in versions 4.9.4 and 5.4.4, which include improved sanitization measures to protect against these vulnerabilities.
Affected Version(s)
kirby < 4.9.4 < 4.9.4
kirby >= 5.0.0, < 5.4.4 < 5.0.0, 5.4.4
