CVE-2023-49111
CVSS V2 None
CVSS V3 None
Description
For Kiuwan installations with SSO (single sign-on) enabled, an
unauthenticated reflected cross-site scripting attack can be performed
on the login page "login.html". This is possible due to the request parameter "message" values
being directly included in a JavaScript block in the response. This is
especially critical in business environments using AD SSO
authentication, e.g. via ADFS, where attackers could potentially steal
AD passwords.
This issue affects Kiuwan SAST: <master.1808.p685.q13371
Overview
- CVE ID
- CVE-2023-49111
- Assigner
- SEC-VLab
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-20T12:34:38.170Z
- Last Modified Date
- 2024-06-20T12:34:38.170Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://r.sec-consult.com/kiuwan | third-party-advisory |
| https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log | release-notes |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-49111 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49111 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 13:26:37 | Added to TrackCVE |