Vulnerabilities (CVE)

Filtered by vendor Synchroweb Subscribe

Filtered by product Kiwire

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2025-11190	1 Synchroweb	1 Kiwire	2025-11-17	N/A	5.4 MEDIUM
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
CVE-2025-11189	1 Synchroweb	1 Kiwire	2025-11-17	N/A	7.3 HIGH
The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.
CVE-2025-11188	1 Synchroweb	1 Kiwire	2025-11-14	N/A	7.3 HIGH
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.