CVE-2024-26482: Kirby CMS HTML injection vulnerability

February 22, 2024 (updated February 26, 2024)

An HTML injection vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted payload.

References

github.com/advisories/GHSA-qv4x-v2v4-f8p9
github.com/getkirby/kirby
nvd.nist.gov/vuln/detail/CVE-2024-26482
shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4

Code Behaviors & Features

Detect and mitigate CVE-2024-26482 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →