📦 Kiwi TCMS

by Kiwitcms

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-32686

HIGH CVSS 8.1 May 27, 2023

CVE-2023-32686 is a cross-site scripting (XSS) vulnerability in Kiwi TCMS that allows attackers to bypass file upload validation and upload malicious files. When combined with other files, these can c...

CVE-2023-30613

HIGH CVSS 8.1 Apr 24, 2023

Kiwi TCMS versions before 12.2 allow unrestricted file uploads, enabling attackers to upload malicious files like executables or JavaScript-containing files. This could lead to remote code execution o...

CVE-2023-27489

HIGH CVSS 7.6 Mar 29, 2023

Kiwi TCMS versions before 12.1 are vulnerable to cross-site scripting (XSS) via malicious SVG file uploads. When users upload SVG files containing JavaScript and view them directly (not embedded in HT...

CVE-2023-25156

HIGH CVSS 7.5 Feb 15, 2023

Kiwi TCMS versions before 12.0 lack rate limiting on the login page, allowing attackers to perform brute-force attacks against user credentials. This affects all Kiwi TCMS deployments using vulnerable...