Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd551230f0-3615-47bd-b7cc-93e92e730bbfNVD:CVE-2023-49111
HistoryJun 20, 2024 - 1:15 p.m.

CVE-2023-49111

2024-06-2013:15:49
CWE-79
551230f0-3615-47bd-b7cc-93e92e730bbf
web.nvd.nist.gov
2
kiuwan
single sign-on
cross-site scripting
login page
request parameter
ad sso authentication
business environment
adfs
password theft

0.0004 Low

EPSS

Percentile

9.1%

JSON

For Kiuwan installations with SSO (single sign-on) enabled, an
unauthenticated reflected cross-site scripting attack can be performed
on the login page β€œlogin.html”. This is possible due to the request parameter β€œmessage” values
being directly included in a JavaScript block in the response. This is
especially critical in business environments using AD SSO
authentication, e.g. via ADFS, where attackers could potentially steal
AD passwords.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

Related

cve 1
cvelist 1
packetstorm 1
cve
cve
CVE-2023-49111
2024-06-20 13:15:49
cvelist
cvelist
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST
2024-06-20 12:34:38
packetstorm
packetstorm
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
2024-06-10 00:00:00

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for NVD:CVE-2023-49111
cve1cvelist1packetstorm1