Vulnerabilities > Kiwitcms

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-36809 Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc.
network
low complexity
kiwitcms CWE-79
5.4
2023-06-06 CVE-2023-33977 Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system for both manual and automated testing.
network
low complexity
kiwitcms CWE-79
5.4
2023-05-27 CVE-2023-32686 Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system for both manual and automated testing.
network
low complexity
kiwitcms CWE-79
5.4
2023-04-24 CVE-2023-30628 OS Command Injection vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system.
network
low complexity
kiwitcms CWE-78
8.8
2023-04-24 CVE-2023-30544 Incorrect Authorization vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system.
network
low complexity
kiwitcms CWE-863
4.3
2023-04-24 CVE-2023-30613 Unrestricted Upload of File with Dangerous Type vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc.
network
low complexity
kiwitcms CWE-434
critical
9.0
2023-02-15 CVE-2023-25156 Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0.
network
low complexity
kiwitcms CWE-307
critical
9.8
2023-02-15 CVE-2023-25171 Allocation of Resources Without Limits or Throttling vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0.
network
high complexity
kiwitcms CWE-770
5.9
2023-01-02 CVE-2023-22451 Weak Password Requirements vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system.
network
low complexity
kiwitcms CWE-521
8.8
2022-11-21 CVE-2022-4105 Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms
A stored XSS in a Kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
network
low complexity
kiwitcms CWE-79
5.4