VYPR
Moderate severityNVD Advisory· Published Nov 21, 2022· Updated Apr 14, 2025

Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

CVE-2022-4105

Description

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
kiwitcmsPyPI
< 11.611.6

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.