GHSA-X7C2-7WVG-JPX7 kiwitcms vulnerable to stored XSS via unrestricted files upload
Impact: Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded, see GHSA-fwcf-753v-fgcj and Content-Security-Policy definition to prevent...
PT-2023-23961 · Kiwi Tcms · Kiwi Tcms
Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.3
Description: The issue arises from insufficient upload validation checks in Kiwi TCMS, allowing an attacker to upload potentially dangerous files. These files can be combined to circumvent the existing...