Moderate severityNVD Advisory· Published Nov 21, 2022· Updated Apr 14, 2025
Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi
CVE-2022-4105
Description
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kiwitcmsPyPI | < 11.6 | 11.6 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.