Safety vulnerability ID: 71991
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Kiwi TCMS implemented changes to serve all uploaded files as plain text, intending to prevent browsers from executing potentially dangerous files when accessed directly. However, the prior Nginx configuration was flawed, allowing certain browsers like Firefox to occasionally ignore the Content-Type: text/plain header, thus permitting potentially dangerous scripts to be executed.
Latest version: 12.4
Test Case Management System
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application