What is CVE-2023-32686?

CVE-2023-32686 is a high-severity vulnerability in Kiwitcms Kiwi, classified under Cross-site Scripting. CVSS score: 8.1/10. Published 2023-05-27.

How severe is CVE-2023-32686?

High severity. CVSS v3 base score is 8.1 out of 10.

XSS in Kiwitcms Kiwi

CVE-2023-32686

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.011 (78.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Kiwitcms Kiwi — versions < 12.3

Weakness classification (CWE)

References

https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-x7c2-7wvg-jpx7 (x_refsource_CONFIRM)
https://kiwitcms.org/blog/kiwi-tcms-team/2023/05/22/kiwi-tcms-123/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-32686?: CVE-2023-32686 is a high-severity vulnerability in Kiwitcms Kiwi, classified under Cross-site Scripting. CVSS score: 8.1/10. Published 2023-05-27.
How severe is CVE-2023-32686?: High severity. CVSS v3 base score is 8.1 out of 10.