Mosaa404

**Name of the Vulnerable Software and Affected Versions** Kiwi TCMS versions prior to 12.2 **Description** The issue allows users to upload attachments to test plans, test cases, etc., without control over the types of files that can be uploaded. A malicious actor may upload an `.exe` file or a file containing embedded JavaScript, potentially tricking others into clicking on these files and causing vulnerable browsers to execute malicious code on another computer. This could lead to cross-site scripting (XSS) attacks. Kiwi TCMS version 12.2 introduces functionality for administrators to configure additional upload validator functions, giving them more control over accepted file types. By default, `.exe` files are denied, as are files containing the `<script>` tag, due to their potential for XSS attacks. **Recommendations** Upgrade to Kiwi TCMS version 12.2 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to trusted users or disabling the file upload feature until the upgrade is possible. Administrators can also configure additional upload validator functions to deny specific file types, such as `.exe` files or files containing the `<script>` tag.

**Name of the Vulnerable Software and Affected Versions** Kiwi TCMS versions prior to 12.0 **Description** The issue allows for easier denial-of-service attacks against the Password reset page due to the lack of rate limits. An attacker could send a large number of emails if they know the email addresses of users in Kiwi TCMS, potentially straining SMTP resources. **Recommendations** For versions prior to 12.0, upgrade to v12.0 or later to receive a patch. As a temporary workaround, consider installing and configuring a rate-limiting proxy in front of Kiwi TCMS. Additionally, configure rate limits on the email server when possible to minimize the risk of exploitation.