kiwitcms@12.3 vulnerabilities

Test Case Management System

Direct Vulnerabilities

Known vulnerabilities in the kiwitcms package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Command Injection (Medium severity)

kiwitcms is a Test Case Management System

Affected versions of this package are vulnerable to Command Injection: under certain conditions the Content-Type: text/plain header is ignored and inputs are insufficiently sanitized, allowing scripts to be executed.

How to fix Command Injection?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: [0,)
  • Cross-site Scripting (XSS) (High severity)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization: certain browsers, such as Firefox, ignore the Content-Type: text/plain header on some occasions, allowing potentially dangerous scripts to be executed.

How to fix Cross-site Scripting (XSS)?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: [0,)
  • Cross-site Scripting (XSS) (High severity)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper file content validation, which might result in stored XSS. Exploiting this vulnerability is possible by uploading a maliciously crafted file.

How to fix Cross-site Scripting (XSS)?

Upgrade kiwitcms to version 12.4 or higher.

Vulnerable versions: [,12.4)