CVE-2022-4105 HIGH

CVE-2022-4105: Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

Vendor Kiwitcms

Product kiwitcms/kiwi

Weakness CWE-79 · XSS

Published November 21, 2022

Last update April 14, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

Key dates

02Disclosure timeline

November 21, 2022 CVE published

April 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4105 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2022-4105: Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

01Description

02Disclosure timeline

03References

04Related CVE