CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS
Percentile: 53.0%
kiwitcms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists because some browsers fail to prevent the interpretation of untrusted files, which allows an attacker to inject and execute arbitrary JavaScript as tests.
github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d
github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw
huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/
huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/
kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/
www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c
www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d