CVE-2022-4105

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pypi/kiwitcms

Identifiers

GHSA-hf94-8mx5-2vvj, CVE-2022-4105

Package Slug

pypi/kiwitcms

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A stored XSS in a Kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

Affected Versions

All versions before 11.6

Solution

Upgrade to version 11.6 or above.

Last Modified

2022-11-22
