Skip to main content

Kiwi Tcms

11 CVEs product

Monthly

CVE-2023-36809 PyPI MEDIUM POC PATCH This Month

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Mozilla XSS Nginx File Upload Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33977 PyPI MEDIUM POC PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nginx Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-32686 PyPI MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30628 PyPI HIGH POC PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Kiwi Tcms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-30613 PyPI CRITICAL POC PATCH Act Now

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2023-30544 PyPI MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Tcms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-27489 PyPI MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25171 PyPI MEDIUM PATCH This Month

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kiwi Tcms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-25156 PyPI CRITICAL PATCH Act Now

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kiwi Tcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-22451 HIGH PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brute Force Kiwi Tcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4105 PyPI MEDIUM POC PATCH This Month

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Mozilla XSS Nginx +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nginx Kiwi Tcms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kiwi Tcms
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Kiwi Tcms
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Kiwi Tcms
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Tcms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kiwi Tcms
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kiwi Tcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kiwi Tcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brute Force Kiwi Tcms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kiwi Tcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy