Lucene search

@huntrdevCVELIST:CVE-2023-4432

HistoryAug 19, 2023 - 12:52 a.m.

CVE-2023-4432 Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit

2023-08-1900:52:51

CWE-79

@huntrdev

www.cve.org

cve-2023-4432

xss

cockpit-hq/cockpit

github

repository

2.6.4

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

CNA Affected

[
  {
    "vendor": "cockpit-hq",
    "product": "cockpit-hq/cockpit",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.6.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195

huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-4432