Kirby CMS has cross-site scripting (XSS) in the changes dialog

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Changes" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Kirby 跨站脚本漏洞

Kirby是Kirby开源的一套基于文件的内容管理系统（CMS）。 Kirby 5.0.0版本至5.1.3版本存在跨站脚本漏洞，该漏洞源于恶意字符串修改和内容字段操作，可能导致恶意代码执行。

N/A

N/A