EPSS percentile: 21.4%
kiwitcms is vulnerable to cross-site scripting (XSS). The vulnerability exists in the diff_objects function in history.py: stored values are not validated, which allows a remote attacker to inject and execute malicious JavaScript in the system.
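The pattern described above, a diff of stored field values placed into a page without escaping, next to an escaped rendering. This is an added example, not Kiwi TCMS code and not the project's actual fix; the function names, markup and sample values are assumptions constructed for illustration.

```python
import difflib
import html

# Constructed sample values: an old and a new stored field value.
SAMPLE_OLD = "Login test"
SAMPLE_NEW = "Login test <script>alert(1)</script>"


def diff_values(field_name, old_value, new_value):
    """Unified diff of one field's stored values, as plain-text lines."""
    return list(difflib.unified_diff(
        str(old_value).split("\n"),
        str(new_value).split("\n"),
        fromfile=field_name,
        tofile=field_name,
        lineterm="",
    ))


def render_unsafe(diff_lines):
    """Weak pattern: stored values reach the markup unescaped."""
    return "<pre>" + "\n".join(diff_lines) + "</pre>"


def line_class(line):
    """Classify a diff line by its prefix (cosmetic only)."""
    if line.startswith(("+++", "---", "@@")):
        return "meta"
    if line.startswith("+"):
        return "added"
    if line.startswith("-"):
        return "removed"
    return "context"


def render_escaped(diff_lines):
    """Escape every diff line before wrapping it in trusted markup."""
    spans = [
        '<span class="%s">%s</span>' % (line_class(line), html.escape(line))
        for line in diff_lines
    ]
    return "<pre>" + "\n".join(spans) + "</pre>"


if __name__ == "__main__":
    lines = diff_values("summary", SAMPLE_OLD, SAMPLE_NEW)
    print(render_unsafe(lines))
    print(render_escaped(lines))
```

Escaping is applied per line at render time, so the field name in the diff headers is escaped along with the values.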
github.com/advisories/GHSA-hf94-8mx5-2vvj
github.com/kiwitcms/kiwi/commit/a2b169ffdef1d7c1755bade8138578423b35011b
github.com/kiwitcms/Kiwi/pull/2970
huntr.dev/bounties/386417e9-0cd5-4d80-8137-b0fd5c30b8f8