Vulnerabilities > Kiwitcms > Kiwi Tcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-36809 Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc.
network
low complexity
kiwitcms CWE-79
5.4
5.4
2023-06-06 CVE-2023-33977 Unspecified vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system for both manual and automated testing.
network
low complexity
kiwitcms
5.4
5.4
2023-05-27 CVE-2023-32686 Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system for both manual and automated testing.
network
low complexity
kiwitcms CWE-79
5.4
5.4
2023-04-24 CVE-2023-30544 Incorrect Authorization vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system.
network
low complexity
kiwitcms CWE-863
4.3
4.3
2023-03-29 CVE-2023-27489 Unspecified vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system for both manual and automated testing.
network
low complexity
kiwitcms
5.4
5.4
2023-02-15 CVE-2023-25171 Allocation of Resources Without Limits or Throttling vulnerability in Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0.
network
high complexity
kiwitcms CWE-770
5.9
5.9
2022-11-21 CVE-2022-4105 Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
network
low complexity
kiwitcms CWE-79
5.4
5.4