kiwitcms@6.6 vulnerabilities
Test Case Management System

- latest version: 12.4
- first published: 5 years ago
- latest version published: a year ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the kiwitcms package. This does not include vulnerabilities belonging to this package’s dependencies.
| Vulnerability | Vulnerable Version |
|---|---|
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Command Injection by ignoring the How to fix Command Injection? A fix was pushed into the | [0,) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Improper Authorization allowing users to update their email addresses via the How to fix Improper Authorization? Upgrade | [,12.2) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, by allowing certain browsers like Firefox to ignore the How to fix Cross-site Scripting (XSS)? A fix was pushed into the | [0,) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper file content validation, which might result in stored XSS. Exploiting this vulnerability is possible by uploading a maliciously crafted file. How to fix Cross-site Scripting (XSS)? Upgrade | [,12.4) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unrestricted file upload. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded (see GHSA-fwcf-753v-fgcj) and a Content-Security-Policy definition to prevent cross-site scripting attacks (see GHSA-2wcr-87wf-cf9j). The upload validation checks are not robust enough, which leaves the possibility of an attacker circumventing them and uploading a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. How to fix Cross-site Scripting (XSS)? Upgrade | [,12.3) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Arbitrary File Upload such that a malicious actor may upload an How to fix Arbitrary File Upload? Upgrade | [,12.2) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to accepting SVG files uploaded by users, which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. How to fix Cross-site Scripting (XSS)? Upgrade | [,12.1) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing rate limits, which makes it easier to attempt brute-force attacks against the login page. How to fix Denial of Service (DoS)? Upgrade | [,12.0) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the "Password Reset" page, where an attacker could send a large number of valid emails connected to users in Kiwi TCMS. Exploiting this vulnerability is possible due to missing rate limiting. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,12.0) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Weak Password Requirements, which allows attackers to more easily guess a weak password after a user has registered a new account or changed passwords. How to fix Weak Password Requirements? Upgrade | [,11.7) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). HTML input was not cleared when generating the history diff. How to fix Cross-site Scripting (XSS)? Upgrade | [,11.6) |
| kiwitcms is a Test Case Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via Test Plans, when viewed through the history page. How to fix Cross-site Scripting (XSS)? Upgrade | [,11.6) |