CVE-2024-26482

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-80
View all →

Vulnerability Description

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.

Related Vulnerabilities

CVE-2024-26282

HIGH
CVSS:7.1(High)

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.

CWE-802024

CVE-2024-46910

HIGH
CVSS:7.1(High)

An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fix...

CWE-802024

CVE-2024-8981

HIGH
CVSS:7.1(High)

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping ...

CWE-802024

CVE-2025-22501

HIGH
CVSS:7.1(High)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City allows Reflected XSS. This issue affects Improve My City: from n/a throug...

CWE-802025

CVE-2025-31384

HIGH
CVSS:7.1(High)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5.

CWE-802025

CVE-2024-4439

HIGH
CVSS:7.2(High)

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This mak...

CWE-802024