kiwitcms
PyPI · 10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting kiwitcms (page 1 of 1)
- CVE-2022-4105 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 11.6 | 2022-11-21
  vulnerable: 10.0 ... 9.999 (42 versions)
  A stored XSS in a kiwi Test Plan can run malicious JavaScript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
- CVE-2023-25156 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 12.0 | 2023-02-15
  vulnerable: 10.0 ... 9.999 (44 versions)
  Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch.…
- CVE-2023-25171 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 12.0 | 2023-02-15
  vulnerable: 10.0 ... 9.999 (44 versions)
  Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large …
- CVE-2023-27489 | HIGH | CVSS 7.6 | EG 7.6 | Fixed in 12.1 | 2023-03-29
  vulnerable: 10.0 ... 9.999 (45 versions)
  Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered i…
- CVE-2023-30544 | LOW | CVSS 3.9 | EG 3.9 | Fixed in 12.2 | 2023-04-24
  vulnerable: 10.0 ... 9.999 (46 versions)
  Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with…
- CVE-2023-30613 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 12.2 | 2023-04-24
  vulnerable: 10.0 ... 9.999 (46 versions)
  Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious ac…
- CVE-2023-30628 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 12.3 | 2023-04-24
  vulnerable: 10.0 ... 9.999 (47 versions)
  Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.hea…
- CVE-2023-32686 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 12.3 | 2023-05-27
  vulnerable: 10.0 ... 9.999 (47 versions)
  Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order …
- CVE-2023-33977 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 12.4 | 2023-06-06
  vulnerable: 10.0 ... 9.999 (48 versions)
  Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order …
- CVE-2023-36809 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 12.5 | 2023-07-05
  vulnerable: 10.0 ... 9.999 (49 versions)
  Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in or…