XSS in Kiuwan SAST

CVE-2023-49111

For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being d…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (53.2th percentile)
