Filtered by vendor Kiamo
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70364 | 1 Kiamo | 1 Kiamo | 2026-04-27 | 8.8 High |
| An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges." However, restrictions on some PHP functions were added in 8.4. | ||||
| CVE-2025-70365 | 1 Kiamo | 1 Kiamo | 2026-04-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published. | ||||
Page 1 of 1.