3 matches found
CVE-2025-11189
CVE-2025-11189 affects the Kiwire Captive Portal. The vulnerability is a reflected cross-site scripting (XSS) flaw in the login-url parameter, enabling JavaScript execution. Documented across multiple feeds (NVD, Red Hat, EUVD/ENISA, CVE lists), with CVSSv3.1 base score 7.3 (HIGH), attack vector ...
CVE-2025-11188
The CVE-2025-11188 vulnerability affects the Kiwire Captive Portal (SynchroWeb). It is a blind SQL injection in the nas-id parameter that can be used to issue SQL commands and compromise the associated database. The issue is documented across multiple sources (NVD/Red Hat RH, EUVD ENISA, CVE list...
CVE-2025-11190
CVE-2025-11190 affects the Kiwire Captive Portal (SynchroWeb). The issue is an open redirection in the login-url parameter that can redirect users to an attacker‑controlled website. Public details consistently describe this as a login flow redirection vulnerability without additional exploit info...