Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2023-49111
HistoryJun 20, 2024 - 1:15 p.m.

CVE-2023-49111

2024-06-2013:15:49
CWE-79
551230f0-3615-47bd-b7cc-93e92e730bbf
web.nvd.nist.gov
24
kiuwan sast
reflected cross-site-scripting
single sign-on
javascript block
business environments
ad sso
adfs
authentication
cve-2023-49111

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

For Kiuwan installations with SSO (single sign-on) enabled, an
unauthenticated reflected cross-site scripting attack can be performed
on the login page “login.html”. This is possible due to the request parameter “message” values
being directly included in a JavaScript block in the response. This is
especially critical in business environments using AD SSO
authentication, e.g. via ADFS, where attackers could potentially steal
AD passwords.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SAST",
    "vendor": "Kiuwan",
    "versions": [
      {
        "status": "affected",
        "version": "<master.1808.p685.q13371",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
packetstorm 1
cvelist
cvelist
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST
2024-06-20 12:34:38
nvd
nvd
CVE-2023-49111
2024-06-20 13:15:49
packetstorm
packetstorm
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
2024-06-10 00:00:00

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVE-2023-49111
cvelist1nvd1packetstorm1