本頁列出影響 synchroweb kiwire 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-11190 | The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website. | [email protected] | 5.4 | 0.32% | 2025-10-10 | 2026-06-17 |
| CVE-2025-11189 | The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution. | [email protected] | 7.3 | 0.36% | 2025-10-10 | 2026-06-17 |
| CVE-2025-11188 | The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database. | [email protected] | 7.3 | 0.27% | 2025-10-10 | 2026-06-17 |