CVE-2023-36809: POC Misconfigured HTTP headers allowing Stored XSS in KiwiTCMS- @mnqazi #MNadeemQazi

CVE-2023-36809: POC Misconfigured HTTP headers allowing Stored XSS in KiwiTCMS- @mnqazi #MNadeemQazi

M Nadeem Qazi

55 лет назад

157 Просмотров
I successfully identified a Stored XSS vulnerability within kiwitcms/kiwi. The vulnerability lies in the handling of files uploaded to the application. By utilizing a specific payload within the html file, an attacker can inject arbitrary code that will be executed within the context of the affected application.
It was patched by the vendor, and assigned a CVE-2023-36809.

Reported By: #M_Nadeem_Qazi
Report Link: https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/
Github: https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw

Follow me:
Facebook: @mnqazi
Instagram: @mnqazi
Twitter: @mnqazi
Ссылки и html тэги не поддерживаются

Комментарии:

Сейчас смотрят
CVE-2023-36809: POC Misconfigured HTTP headers allowing Stored XSS in KiwiTCMS- @mnqazi #MNadeemQazi 01:13
CVE-2023-36809: POC Misconfigured HTTP headers allowing Stored XSS in KiwiTCMS- @mnqazi #MNadeemQazi M Nadeem Qazi
Mission Passed | Dr.Amir AIIMS #shorts #trending 0:55
Mission Passed | Dr.Amir AIIMS #shorts #trending Dr Amir AIIMS
Cara memindahkan file hp xiaomi ke kartu sd 1:35
Cara memindahkan file hp xiaomi ke kartu sd ᴴᴰ ᴵⁿᶠᶦⁿᶦᵗʸ
PHP - Ajax file upload 4:24
PHP - Ajax file upload Rean Ey រៀនអី
FREE Dividend Portfolio Tracker (v7.0) | MASSIVE Updates + Walkthrough 14:54
FREE Dividend Portfolio Tracker (v7.0) | MASSIVE Updates + Walkthrough Ryne Williams
15 August WhatsApp Viral Wishing Script 2021 | Independence Day Script 2021 For Blogger 7:20
15 August WhatsApp Viral Wishing Script 2021 | Independence Day Script 2021 For Blogger YT King Pankaj
Елена Воробей и Геннадий Ветров - Поэт-экстремал (2014) 8:48
Елена Воробей и Геннадий Ветров - Поэт-экстремал (2014) Елена Воробей
Being a Trustee: Part 1, roles and responsibilities 27:45
Being a Trustee: Part 1, roles and responsibilities PAVO
Convert Markdown to PDF (Pandoc and Groff) 11:06
Convert Markdown to PDF (Pandoc and Groff) Gavin Freeborn
Kingdom valley Islamabad | Properties Pakistan By Rizwan Ameer 00:39
Kingdom valley Islamabad | Properties Pakistan By Rizwan Ameer Properties Pakistan by Rizwan Ameer
timon and pumbaa scared k fee 0:34
timon and pumbaa scared k fee deo klyde francisco
TOURNAMENT & SCRIMS HIGHLIGHTS | IPHONE 13 | TeamDGxBIKROM 2:44
TOURNAMENT & SCRIMS HIGHLIGHTS | IPHONE 13 | TeamDGxBIKROM BIKROM GAMING 07