[HIGH] Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend

PKSA-d956-rcc1-9n2f CVE-2026-45368 GHSA-qvjf-922g-pj44

Affected package: getkirby/cms

Affected version: >=5.0.0,<=5.4.0|<=4.9.0

Reported by:
GitHub