Latest version: v12.4
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2020-9402 | 37503 | Kiwitcms 8.1 updates its dependency 'Django' to v2.2.2 to include a s… | | HIGH | 8.8 |
CVE-2019-19844 | 38535 | Kiwi TCMS 7.3 includes a fix for CVE-2019-19844: potential account hi… | | CRITICAL | 9.8 |
PVE-2021-38536 | 38536 | Kiwi TCMS 7.0 removes the API method ``BugSystem.filter()``. It was p… | | - | - |
PVE-2021-38538 | 38538 | Kiwi TCMS 6.6 explicitly requires the NPM dependency 'marked' v0.6.1 … | | HIDDEN | X.Y |
CVE-2019-6975 | 38539 | Kiwi TCMS 6.5.3 updates Django from 2.1.5 to 2.1.7 to prevent memory … | | HIGH | 7.5 |
CVE-2019-3498 | 38541 | Kiwitcms 6.4 includes fix for CVE-2019-3498: In Django 1.11.x before … | | MEDIUM | 6.5 |
CVE-2018-14041 | 39589 | Kiwi TCMS 6.4 updates Patternfly to version 3.59.0, which deals with … | | MEDIUM | 6.1 |
CVE-2018-19057 | 38542 | Kiwi TCMS 6.3 resolves a medium severity XSS vulnerability which can … | | MEDIUM | 6.1 |
CVE-2019-14235 | 43693 | Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include s… | | HIGH | 7.5 |
PVE-2021-43694 | 43694 | Kiwi TCMS 6.11 updates its NPM dependency 'Marked' to v0.7.0 to inclu… | | - | - |
CVE-2019-14233 | 43691 | Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include s… | | HIGH | 7.5 |
CVE-2019-14234 | 43692 | Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include s… | | CRITICAL | 9.8 |
CVE-2019-12781 | 38544 | Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include s… | | MEDIUM | 5.3 |
CVE-2019-14232 | 43690 | Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include s… | | HIGH | 7.5 |
CVE-2019-12308 | 38537 | Kiwitcms 6.10 updates Django from 2.2.1 to 2.2.2 (see CVE-2019-12308). | | MEDIUM | 6.1 |
CVE-2019-11358 | 39590 | Kiwitcms 6.10 updates its dependency 'Django' to include security fix… | | MEDIUM | 6.1 |
CVE-2018-16984 | 36649 | Kiwitcms 6.0 updates its dependency Django to v2.1.2 to include a sec… | | MEDIUM | 4.9 |
PVE-2021-42528 | 42528 | Kiwi TCMS 4.2 uses SHA256 instead of insecure MD5 and SHA1. https://… | | - | - |
PVE-2021-42529 | 42529 | Kiwi TCMS 4.2 starts using the more cryptographically secure module '… | | - | - |
CVE-2017-18214 | 39074 | Kiwitcms 4.2 updates its NPM dependency 'moment' to include security … | | HIGH | 7.5 |
PVE-2021-38543 | 38543 | Kiwi TCMS 4.2 removes an unnecessary AJAX view that had a remote code… | | HIDDEN | X.Y |
PVE-2021-39075 | 39075 | Kiwitcms 3.8.10-2 fixes a script injection vulnerability in notes fie… | | HIDDEN | X.Y |
PVE-2024-99898 | 64992 | Kiwi TCMS, an open source test management system allows users to uplo… | | - | - |
CVE-2023-36809 | 71991 | Affected versions of Kiwi TCMS implemented changes to serve all uploa… | | MEDIUM | 5.4 |
CVE-2023-27489 | 59484 | Kiwi TCMS is an open source test management system for both manual an… | | MEDIUM | 5.4 |
CVE-2023-33977 | 59507 | Kiwi TCMS is an open source test management system for both manual an… | | MEDIUM | 5.4 |
CVE-2023-30544 | 59491 | Kiwi TCMS is an open source test management system. In versions of Ki… | | MEDIUM | 4.3 |
CVE-2023-30613 | 59485 | Kiwi TCMS, an open source test management system, allows users to upl… | | CRITICAL | 9.0 |
CVE-2023-30628 | 64183 | Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi … | | HIGH | 8.8 |
CVE-2023-32686 | 59493 | Kiwi TCMS is an open source test management system for both manual an… | | MEDIUM | 5.4 |
CVE-2023-22451 | 59483 | Kiwi TCMS is an open source test management system. In version 11.6 a… | | HIGH | 8.8 |
CVE-2022-41323 | 51780 | Kiwitcms 11.6 updates its dependency 'Django' from 4.0.7 to 4.1.3 to … | | HIGH | 7.5 |
PVE-2022-51779 | 51779 | Kiwitcms 11.6 cleans HTML input when generating history diff to preve… | | - | - |
CVE-2021-45116 | 48454 | Kiwitcms 11.1 updates its dependency 'Django' to v4.0.2 to include se… | | HIGH | 7.5 |
CVE-2021-45452 | 48453 | Kiwitcms 11.1 updates its dependency 'Django' to v4.0.2 to include se… | | MEDIUM | 5.3 |
CVE-2021-45115 | 48455 | Kiwitcms 11.1 updates its dependency 'Django' to v4.0.2 to include se… | | HIGH | 7.5 |
CVE-2022-23833 | 48309 | Kiwitcms 11.1 updates its dependency 'Django' to v4.0.2 to include se… | | HIGH | 7.5 |
CVE-2022-22818 | 48452 | Kiwitcms 11.1 updates its dependency 'Django' to v4.0.2 to include se… | | MEDIUM | 6.1 |
PVE-2024-99781 | 66056 | Kiwitcms before 6.2.1 is susceptible to insecure encryption as a resu… | | - | - |
CVE-2023-25156 | 54654 | ### Impact Previous versions of Kiwi TCMS do not impose rate limits w… | | CRITICAL | 9.8 |
CVE-2023-25171 | 54655 | ### Impact Previous versions of Kiwi TCMS do not impose rate limits w… | | MEDIUM | 5.9 |
CVE-2022-4105 | 54591 | A stored XSS in a kiwi Test Plan can run malicious javascript which c… | | MEDIUM | 5.4 |