CVE-2022-4105

MEDIUM5.4EPSS 0.34%

Cross-site Scripting in kiwitcms

發布日:2022/11/21修改日:2023/11/8

描述

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

受影響套件(1)

PyPI/kiwitcmsfrom 0, < 11.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-4105
WEBhttps://github.com/kiwitcms/kiwi/commit/a2b169ffdef1d7c1755bade8138578423b35011b
WEBhttps://huntr.dev/bounties/386417e9-0cd5-4d80-8137-b0fd5c30b8f8