kiwitcms@12.2 vulnerabilities
Test Case Management System
- latest version: 12.4
- first published: 5 years ago
- latest version published: a year ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the kiwitcms package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Command Injection by ignoring the How to fix Command Injection? A fix was pushed into the | [0,) |
kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, by allowing certain browsers like Firefox to ignore the How to fix Cross-site Scripting (XSS)? A fix was pushed into the | [0,) |
kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper file content validation, which might result in stored XSS. Exploiting this vulnerability is possible by uploading a maliciously crafted file. How to fix Cross-site Scripting (XSS)? Upgrade | [,12.4) |
kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unrestricted file upload. Earlier versions of Kiwi TCMS introduced upload validators to prevent potentially dangerous files from being uploaded (see GHSA-fwcf-753v-fgcj) and a Content-Security-Policy definition to prevent cross-site scripting attacks (see GHSA-2wcr-87wf-cf9j). The upload validation checks are not robust enough, which leaves the possibility for an attacker to circumvent them and upload a potentially dangerous file. By exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. How to fix Cross-site Scripting (XSS)? Upgrade | [,12.3) |