25 matches found
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
EUVD-2025-209386
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server...
EUVD-2025-209388
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
CVE-2025-70364
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
Conecteo Kiamo 安全漏洞
Conecteo Kiamo is a multi-channel customer interaction and contact center management platform developed by the French company Conecteo. Versions of Conecteo Kiamo prior to version 8.4 contained security vulnerabilities. These vulnerabilities were caused by improper encoding of user input in the...
CVE-2025-70364
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...
PT-2026-31638
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
CVE-2025-70365
Kiamo has a stored XSS vulnerability in versions before 8.4 due to improper output encoding of user input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript that executes in other users’ browsers. The CVE record notes a prior fix for the 8.3.1 branc...
CVE-2025-70364
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
Conecteo Kiamo 安全漏洞
Conecteo Kiamo is a multi-channel customer interaction and contact center management platform developed by the French company Conecteo. Versions of Conecteo Kiamo prior to version 8.4 contained security vulnerabilities. These vulnerabilities were due to improper permission verification, which cou...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
CVE-2025-70364
CVE-2025-70364 affects Kiamo prior to 8.4 and allows authenticated administrative users to execute arbitrary PHP code on the server. The vulnerability is triggered by privileged admin access, with an impact of total compromise of confidentiality, integrity, and availability as per the CVSS vector...
PT-2026-31637
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server...
CVE-2025-70364
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
EUVD-2025-27808
Malicious code in bioql PyPI...
CVE-2025-31633
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a throu...
CVE-2025-31633
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a throu...