[MEDIUM] Kirby has XML injection in its XML creator toolkit

PKSA-rr97-2byk-h46m CVE-2026-32870 GHSA-9wfj-c55w-j9qr

Affected package: getkirby/cms

Affected version: >=5.0.0,<5.4.0|<4.9.0

Reported by:
GitHub