VDB
KO
MEDIUM 5.4

PYSEC-2026-837

Cross-site Scripting in kiwitcms

Details

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / kiwitcms
Introduced in: 0 Fixed in: 11.6
Fix pip install --upgrade 'kiwitcms>=11.6'

References