{"id":"CVE-2024-26481","details":"Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.","aliases":["GHSA-57f2-8p89-66x6"],"modified":"2026-04-10T05:10:59.281667Z","published":"2024-02-22T05:15:09.867Z","related":["GHSA-57f2-8p89-66x6"],"references":[{"type":"ADVISORY","url":"https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6"},{"type":"EVIDENCE","url":"https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/getkirby/kirby","events":[{"introduced":"0"},{"fixed":"22c2137a4b90a5b8bc54aec67f0123869d007b1a"},{"introduced":"d210f26602cf72c926d8ccf8befd61d7831888da"},{"fixed":"ae19b026daa771992f18404c585ed68c25499de0"},{"introduced":"3e5899b628a2b59c1833a8d79eda292a7fe06843"},{"fixed":"077d2d6f1fa3628632097e36bc970403854b3564"},{"introduced":"066b0506a81fdd331edc54add601d907a61ebbb4"},{"fixed":"d1386803fd683d188e9d68158509f99b39d6a381"},{"introduced":"40eae8e8a4e1705412c64de63984376eeaa8b259"},{"last_affected":"1353c9fbe3ede6bee946f527d146841719eef7d5"},{"introduced":"0"},{"last_affected":"d2e98d7bc032d3a7d6dc0687de7d0b88140e8497"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.6.6.5"},{"introduced":"3.7.0"},{"fixed":"3.7.5.4"},{"introduced":"3.8.0"},{"fixed":"3.8.4.3"},{"introduced":"3.9.0"},{"fixed":"3.9.8.1"},{"introduced":"4.0.0"},{"last_affected":"4.1.1"},{"introduced":"0"},{"last_affected":"3.10.0"}]}}],"versions":["3.0.0","3.0.1","3.0.2","3.0.2-rc.1","3.0.3","3.0.3-rc.1","3.0.3-rc.2","3.0.3-rc.3","3.1.0","3.1.0-rc.1","3.1.1","3.1.2","3.1.2-rc.1","3.1.3","3.1.3-rc.1","3.1.4","3.1.4-rc.1","3.10.0","3.2.0","3.2.0-rc.1","3.2.0-rc.2","3.2.0-rc.3","3.2.0-rc.4","3.2.1","3.2.1-rc.1","3.2.2","3.2.3-rc.1","3.2.5","3.2.5-rc.1","3.2.5-rc.2","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.4.0","3.4.1","3.4.2","3.5.0","3.5.0-rc.1","3.5.0-rc.2","3.5.0-rc.3","3.5.0-rc.4","3.5.0-rc.5","3.5.0-rc.6","3.5.0-rc.7","3.5.1","3.5.1-rc.1","3.5.2","3.5.3","3.5.3.1","3.5.4","3.5.5","3.5.6","3.5.7","3.5.7.1","3.6.0","3.6.1.1","3.6.2","3.6.2-rc.1","3.6.2-rc.2","3.6.2-rc.3","3.6.3","3.6.3.1","3.6.4","3.6.5","3.6.6","3.6.6.1","3.6.6.2","3.6.6.3","3.6.6.4","3.7.0","3.7.0.1","3.7.0.2","3.7.1","3.7.2","3.7.2.1","3.7.3","3.7.4","3.7.4-rc.1","3.7.5","3.7.5.1","3.7.5.2","3.7.5.3","3.8.0","3.8.1","3.8.1.1","3.8.2","3.8.3","3.8.4","3.8.4.1","3.8.4.2","3.9.0","3.9.1","3.9.2","3.9.3","3.9.4","3.9.5","3.9.6","3.9.6-rc.1","3.9.6.1","3.9.7","3.9.8","4.0.0","4.0.1","4.0.2","4.0.3","4.1.0","4.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26481.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}