CVE-2022-4105

medium

Description

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

References

https://huntr.dev/bounties/386417e9-0cd5-4d80-8137-b0fd5c30b8f8

https://github.com/kiwitcms/kiwi/commit/a2b169ffdef1d7c1755bade8138578423b35011b

Details

Source: Mitre, NVD

Published: 2022-11-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00094