EPSS
Percentile
32.3%
getkirby/cms is vulnerable to Cross-site Scripting (XSS). The use of the v-html tag in MultiselectInput.vue allows an attacker to inject and execute malicious javascript through the dynamic options in the multi-select field
v-html
MultiselectInput.vue
github.com/getkirby/kirby/commit/b5b8863885e17556abc070dde1e20aec15fbfdf5
github.com/getkirby/kirby/releases/tag/3.5.8.1
github.com/getkirby/kirby/security/advisories/GHSA-3f89-869f-5w76