Lucene search
@huntrdevCVE-2022-4105HistoryNov 21, 2022 - 8:15 p.m.
CVE-2022-4105
2022-11-2120:15:11
CWE-79
@huntrdev
web.nvd.nist.gov
42
3
cve-2022-4105
stored xss
kiwi test plan
malicious javascript
html injection
ui redressing attack
clickjacking
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
21.4%
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
Affected configurations
Node
kiwitcmskiwi_tcmsRange<11.6
CNA Affected
[
{
"vendor": "kiwitcms",
"product": "kiwitcms/kiwi",
"versions": [
{
"version": "unspecified",
"lessThan": "11.6",
"status": "affected",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
prion
prion
Design/Logic Flaw
2022-11-21 20:15:00
cvelist
cvelist
CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi
2022-11-21 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-11-23 04:57:12
nvd
nvd
CVE-2022-4105
2022-11-21 20:15:11
osv
osv
CVE-2022-4105
2022-11-21 20:15:11
Cross-site Scripting in kiwitcms
2022-11-21 21:30:15
huntr
huntr
Stored XSS and HTML injection from markdown
2022-11-02 16:43:12
github
github
Cross-site Scripting in kiwitcms
2022-11-21 21:30:15
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
21.4%
Related for CVE-2022-4105