Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

kiwitcms — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting kiwitcms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

KiwiTCMS serves as a test case management system primarily used for organizing and tracking software testing activities. Historically, the application has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. Security assessments have identified multiple CVEs, with 11 recorded to date, often stemming from improper input validation and access control weaknesses. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities highlights the importance of regular security updates and input sanitization in maintaining the platform's integrity.

Top products by kiwitcms: Kiwi kiwitcms/kiwi
CVE IDTitleCVSSSeverityPublished
CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox — KiwiCWE-79 8.1 High2023-07-05
CVE-2023-33977 Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS — KiwiCWE-79 8.1 High2023-06-06
CVE-2023-32686 kiwitcms vulnerable to stored XSS via unrestricted files upload — KiwiCWE-79 8.1 High2023-05-27
CVE-2023-30628 Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow — KiwiCWE-78 8.8 High2023-04-24
CVE-2023-30613 Kiwi TCMS unrestricted file upload vulnerability — KiwiCWE-434 8.1 High2023-04-24
CVE-2023-30544 Kiwi TCMS may allow user to update email address to unverified one — KiwiCWE-283 3.9 Low2023-04-24
CVE-2023-27489 Stored cross site scripting via SVG file upload in Kiwi TCMS — KiwiCWE-79 7.6 High2023-03-29
CVE-2023-25156 Kiwi TCMS has no protection against brute-force attacks on login page — kiwiCWE-770 7.5 High2023-02-15
CVE-2023-25171 Kiwi TCMS has denial of service vulnerability on Password reset page — kiwiCWE-770 7.5 High2023-02-15
CVE-2023-22451 Weak password requirements in Kiwi TCMS — KiwiCWE-521 6.5 Medium2023-01-02
CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi — kiwitcms/kiwiCWE-79 5.4 -2022-11-21

This page lists every published CVE security advisory associated with kiwitcms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.