KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NKioware
APPKioware≤ 8.33
Related vulnerabilities
KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, whi...
In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already ...
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog ...
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog ...
KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the appli...