本ページは synchroweb kiwire に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-11190 | The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website. | [email protected] | 5.4 | 0.32% | 2025-10-10 | 2026-06-17 |
| CVE-2025-11189 | The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution. | [email protected] | 7.3 | 0.36% | 2025-10-10 | 2026-06-17 |
| CVE-2025-11188 | The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database. | [email protected] | 7.3 | 0.27% | 2025-10-10 | 2026-06-17 |