Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
Advisories for Composer/Getkirby/Kirby package
2022
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.