Tag
Kirby CMS is vulnerable to stored cross-site scripting (XSS) due to insufficient sanitization of links within KirbyTags and image blocks, allowing authenticated users with content editing privileges to inject malicious JavaScript that executes when other users interact with the crafted links on the site frontend; patched in versions 4.9.1 and 5.4.1.