GHSA-hf94-8mx5-2vvj

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-hf94-8mx5-2vvj/GHSA-hf94-8mx5-2vvj.json
Aliases
  • CVE-2022-4105
Published
2022-11-21T21:30:15Z
Modified
2022-11-23T19:39:23.557862Z
Details

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

References

Affected packages

PyPI / kiwitcms

kiwitcms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
11.6

Affected versions

10.*

10.0
10.1
10.2
10.3
10.3.999
10.4
10.5

11.*

11.0
11.1
11.3
11.4
11.5

6.*

6.10
6.11
6.2.1
6.3
6.4
6.5
6.5.3
6.6
6.7
6.8
6.9

7.*

7.0
7.1
7.2
7.2.1
7.3

8.*

8.0
8.1
8.1.99
8.2
8.3
8.4
8.5
8.6
8.6.1
8.7
8.8
8.9

9.*

9.0
9.999