django-filebrowser (=3.13.2), geonode (=3.3.3) +2 more potentially affected by CVE-2021-46898 via django-grappelli (>=2.10.1 <=2.15.1)
django-grappelli PYPI version =2.10.1, =6.5.0, =1.12.1, =1.13.0.dev10 Source cves: CVE-2021-46898 Source advisory: OSV:GHSA-9X43-5QCQ-H79Q...
django-filebrowser (=3.13.2), geonode (=3.3.3) +2 more potentially affected by CVE-2021-46898 via django-grappelli (>=2.10.1 <=2.15.1)
django-grappelli PYPI version =2.10.1, =6.5.0, =1.12.1, =1.13.0.dev10 Source cves: CVE-2021-46898 Source advisory: OSV:PYSEC-2023-211...
Cross-Site Scripting (XSS)
kiwitcms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists because some browsers fail to prevent interpreting untrusted files, which allows an attacker to inject and execute arbitrary JavaScript as tests...
Cross-Site Scripting (XSS)
kiwitcms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of file content validation in the deny_uploads_containing_script_tag function of validators.py, which allows an attacker to inject arbitrary JavaScript code into a victim's browser...
Cross-site Scripting (XSS)
kiwitcms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because user-uploaded files are not properly validated in certain circumstances, which allows an attacker to inject and execute arbitrary JavaScript...
OS Command Injection
kiwitcms is vulnerable to OS Command Injection. The vulnerability exists because the workflow in changelog.yml does not properly check the github.head_ref value, which allows an attacker to gain write access to file configurations...
Incorrect Authorization
kiwitcms is vulnerable to Incorrect Authorization. The vulnerability exists in the email parameter of admin.py because it does not properly validate email addresses in the admin page, which allows an attacker to change an email address without verifying ownership during account registration...
Arbitrary File Upload
kiwitcms is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate uploaded files, allowing an attacker to bypass the file upload restrictions by uploading a malicious .exe file or embedded JavaScript file, tricking people into clicking on the...
Stored XSS and CSP Bypass in KiwiTCMS
Description: Stored XSS, also known as persistent XSS, is the more damaging type of XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...
Cross-site Scripting (XSS)
kiwitcms is vulnerable to stored Cross-site Scripting (XSS). The vulnerability exists because the library does not define the Content-Security-Policy header to block inline JavaScript, which allows an attacker to inject and execute malicious JavaScript through a malicious SVG file upload...
Information Disclosure
kiwitcms is vulnerable to information disclosure. The vulnerability exists because common.py does not enable the password validators that prevent users from choosing weak passwords when registering new accounts or changing passwords, allowing an attacker to guess the password...
Stored XSS in kiwiTCMS
Description: Stored XSS, also known as persistent XSS, is the more damaging type of XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...
Cross-site Scripting (XSS)
kiwitcms is vulnerable to cross-site scripting. The vulnerability exists in the diff_objects function in history.py due to a lack of validation of the stored values, which allows a remote attacker to inject and execute malicious JavaScript into the system...
Cross-site Scripting in kiwitcms
A stored XSS in a kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...
GHSA-HF94-8MX5-2VVJ Cross-site Scripting in kiwitcms
A stored XSS in a kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...
CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi
A stored XSS in a kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...