WS-2023-0129
Good to know:
Date: April 15, 2023
Kiwitcms prior to 12.1 is vulnerable to stored XSS. An attacker can run malicious JavaScript, become admin, and use other API endpoints without permission.
Language: Python
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |