getkirby/cms Security Advisories for 5.0.0-alpha.2 (2)
-
[MEDIUM] Kirby is missing permission checks in the content changes API
PKSA-yfpp-rndk-cm9x CVE-2026-21896 GHSA-4j78-4xrm-cr2f
Affected version: >=5.0.0,<=5.2.1
Reported by:
GitHub -
[MEDIUM] Kirby CMS has cross-site scripting (XSS) in the changes dialog
PKSA-jms5-zv67-g12r CVE-2025-65012 GHSA-84hf-8gh5-575j
Affected version: >=5.0.0,<5.1.4
Reported by:
GitHub