A vulnerability, which was classified as problematic, has been found in getkirby Kirby up to 4.9.3/5.4.3. Affected by this issue is the function Dom::sanitize/Sane::sanitize/Sane::Html::sanitize/Sane::Svg::sanitize/Sane::Xml::sanitize/Sane::sanitizeFile/sanitizeContents of the component List. Performing a manipulation results in cross site scripting.

This vulnerability is identified as CVE-2026-54002. The attack can be initiated remotely. There is not any exploit available.