Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-32686
HistoryMay 27, 2023 - 4:15 a.m.

Input validation

2023-05-2704:15:00
PRIOn knowledge base
www.prio-n.com
3
kiwi tcms
upload validation
vulnerability
patched
v12.3
nvd
security issue

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3.

CPENameOperatorVersion
kiwi_tcmsle12.2

Related

cvelist 1
nvd 1
github 1
veracode 1
osv 2
cve 1
cvelist
cvelist
CVE-2023-32686 kiwitcms vulnerable to stored XSS via unrestricted files upload
2023-05-27 03:58:10
nvd
nvd
CVE-2023-32686
2023-05-27 04:15:25
github
github
kiwitcms vulnerable to stored XSS via unrestricted files upload
2023-05-22 19:39:46
veracode
veracode
Cross-site Scripting (XSS)
2023-06-01 07:40:54
osv
osv
CVE-2023-32686
2023-05-27 04:15:25
kiwitcms vulnerable to stored XSS via unrestricted files upload
2023-05-22 19:39:46
cve
cve
CVE-2023-32686
2023-05-27 04:15:25

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON
Related for PRION:CVE-2023-32686
cvelist1nvd1github1veracode1osv2cve1