Vulmon
kiwitcms kiwi tcms vulnerabilities and exploits
CVE-2023-36809 (CVSSv3 5.4) - Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS before 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing pote...

CVE-2023-33977 (CVSSv3 5.4) - Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files fr...

CVE-2023-32686 (CVSSv3 5.4) - Kiwitcms Kiwi Tcms (1 GitHub repository)
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files fr...

CVE-2023-30628 (CVSSv3 8.8) - Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value...

CVE-2023-30613 (CVSSv3 9.0) - Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS before 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file con...

CVE-2023-30544 (CVSSv3 4.3) - Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS before 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verifi...

CVE-2023-27489 (CVSSv3 5.4) - Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code coul...

CVE-2023-25156 (CVSSv3 9.8) - Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, does not impose rate limits in versions before 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and con...

CVE-2023-25171 (CVSSv3 5.9) - Kiwitcms Kiwi Tcms
Kiwi TCMS, an open source test management system, does not impose rate limits in versions before 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email add...

CVE-2023-22451 (CVSSv3 8.8) - Kiwitcms Kiwi Tcms
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults f...