Showing 1 - 1 of 1

CVE-2023-49111

Status Candidate

Overview

For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is especially critical in business environments using AD SSO authentication, e.g. via ADFS, where attackers could potentially steal AD passwords. This issue affects Kiuwan SAST: <master.1808.p685.q13371

Related Files

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR: Posted Jun 10, 2024; Authored by C. Schwarz | Site sec-consult.com; Kiuwan SAST versions prior to 2.8.2402.3, Kiuwan Local Analyzer versions prior to master.1808.p685.q13371, and Kiuwan SaaS versions prior to 2024-02-05 suffer from XML external entity injection, cross site scripting, insecure direct object reference, and various other vulnerabilities.; tags | exploit, local, vulnerability, xss; advisories | CVE-2023-49110, CVE-2023-49111, CVE-2023-49112, CVE-2023-49113; SHA-256 | 6af5ef942877432434cbf024cf41b29e270c93717f04c0f42c420899c400c4ef; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 251 files
indoushka 155 files
Ubuntu 91 files
Gentoo 32 files
Debian 21 files
LiquidWorm 14 files
Apple 11 files
malvuln 8 files
Google Security Research 7 files
verylazytech 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,140)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,531)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,026)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,914)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-49111

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems