CVE-2022-4105

Published November 21st, 2022

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

kiwitcms/Kiwi

open source test management system with over 2 million downloads!

GitHub

1.21K