PT-2024-21401 · Kirby Cms · Kirby Cms
Published 2024-02-21 · Updated 2025-08-21
CVE-2024-26484
CVSS v3.1
6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Kirby CMS version 4.1.0
Description
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. The vendor's position is that this issue did not affect any version of Kirby CMS, and the only effect was on the trykirby.com demo site, which is not customer-controlled.
Recommendations
For Kirby CMS version 4.1.0, consider disabling the Edit Content Layout module until a patch is available. Restrict access to the Link field in the Edit Content Layout module to minimize the risk of exploitation.
XSS
Affected Products
Kirby Cms