PT-2024-21399 · Kirby Cms+1

Published: 2024-02-21 · Updated: 2025-08-21 · CVE-2024-26482

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kirby CMS version 4.1.0

Description

An HTML injection issue exists in the Edit Content Layout module. The vendor disputes the significance of this report, stating that some HTML formatting is allowed and backend sanitization prevents the injection of malicious scripts. However, it is reported that this could allow attackers to execute arbitrary code via a crafted payload.

Recommendations

For Kirby CMS version 4.1.0, consider disabling the Edit Content Layout module until further guidance is available from the vendor, as a temporary workaround to minimize potential risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-26482
GHSA-QV4X-V2V4-F8P9
SUSE-SU-2024:2571-1

Affected Products

Kirby Cms
Suse