Lucene search
Veracode Vulnerability DatabaseVERACODE:40045HistoryApr 05, 2023 - 3:37 p.m.
Cross-site Scripting (XSS)
2023-04-0515:37:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site scripting
kiwitcms
vulnerability
svg upload
javascript
content-security-policy
malicious
EPSS
0.001
Percentile
21.0%
kiwitcms is vulnerable to stored Cross-site Scripting (XSS). The vulnerability exists because the library does not define the Content-Security-Policy header to block inline JavaScript, which allows an attacker to inject and execute malicious javascript through the malicious SVG file upload.
Related
nvd
nvd
CVE-2023-27489
2023-03-29 19:15:22
github
github
Kiwi TCMS Stored Cross-site Scripting via SVG file
2023-03-30 20:18:29
prion
prion
Code injection
2023-03-29 19:15:00
osv
osv
Kiwi TCMS Stored Cross-site Scripting via SVG file
2023-03-30 20:18:29
CVE-2023-27489
2023-03-29 19:15:22
cve
cve
CVE-2023-27489
2023-03-29 19:15:22
cvelist
cvelist
CVE-2023-27489 Stored cross site scripting via SVG file upload in Kiwi TCMS
2023-03-29 18:30:18