kiwitcms / kiwi
Project repository
open source test management system with over 2 million downloads!
First interaction within 2 days
Review within 40 days
Fix within 75 days
Stored XSS
Jul 4th 2023
mq-xz
•
High
High
Base64 Injection & Silent Exception Catching
Jun 7th 2023
ellord0xd
•
spam
Stored XSS via file upload in Firefox
Jul 4th 2023
mnqazi
•
High
High
Stored XSS Via SVG Upload
Jun 6th 2023
mnqazi
•
High
High
Stored XSS with CSP bypass through JS file upload
May 21st 2023
ek1ng
•
duplicate
Medium
"csrfmiddlewaretoken" reuse to reset password for any user
May 20th 2023
bikesh-yadav
•
not applicable
Stored XSS and CSP Bypass in KiwiTCMS
May 21st 2023
antoniospataro
•
High
High
Failure to invalidate session after password change
Apr 18th 2023
novemberdad
•
not applicable
Account Owner Email Address Leakage Lead To Improper Access Control
May 8th 2023
novemberdad
•
None
None
XSS in file Upload attachment SVG extension
Mar 28th 2023
tht1997
•
duplicate
Medium
IDOR in bug report
Jan 10th 2023
sanket-722
•
not applicable
Stored XSS Via SVG File Upload
Apr 15th 2023
1d8
•
Medium
Medium
No Protection against Bruteforce attacks on Login page
Feb 20th 2023
satya250
•
High
High
Weak Password Implementation
Jan 5th 2023
satya250
•
Medium
Medium
No rate limiting on the reset password page will lead to a DOS attack and inbox...
Feb 20th 2023
mosaa404
•
Critical
Critical
Unrestricted Upload of file with dangerous type lead to destroying the company's...
May 8th 2023
mosaa404
•
Low
Low
An unrestricted upload file lead to a stored XSS via SVG file.
May 29th 2023
mosaa404
•
High
High
Stored XSS in kiwiTCMS
Apr 15th 2023
antoniospataro
•
High
High
Stored XSS and HTML injection from markdown
Nov 21st 2022
antoniospataro
•
High
High
•
CVE-2022-4105
CRITICAL: $0
HIGH: $0
MEDIUM: $0
LOW: $0