Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentSEC-VLabVULNRICHMENT:CVE-2023-49111
HistoryJun 20, 2024 - 12:34 p.m.

CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST

2024-06-2012:34:38
CWE-79
SEC-VLab
github.com
12
cve-2023-49111
reflected cross-site-scripting
kiuwan sast
single sign-on
javascript block
ad sso authentication
adfs

AI Score

6.2

Confidence

High

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

JSON

For Kiuwan installations with SSO (single sign-on) enabled, an
unauthenticated reflected cross-site scripting attack can be performed
on the login page “login.html”. This is possible due to the request parameter “message” values
being directly included in a JavaScript block in the response. This is
especially critical in business environments using AD SSO
authentication, e.g. via ADFS, where attackers could potentially steal
AD passwords.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:kiuwan:sast:master.1808.p685.q13371:*:*:*:*:*:*:*"
    ],
    "vendor": "kiuwan",
    "product": "sast",
    "versions": [
      {
        "status": "affected",
        "version": "master.1808.p685.q13371"
      }
    ],
    "defaultStatus": "affected"
  }
]

Related

nvd 1
cvelist 1
cve 1
packetstorm 1
nvd
nvd
CVE-2023-49111
2024-06-20 13:15:49
cvelist
cvelist
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST
2024-06-20 12:34:38
cve
cve
CVE-2023-49111
2024-06-20 13:15:49
packetstorm
packetstorm
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
2024-06-10 00:00:00

AI Score

6.2

Confidence

High

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2023-49111
nvd1cvelist1cve1packetstorm1