Synchroweb: >> Kiwire Security Vulnerabilities
The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-10-10
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-10-10
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-10