cvelist / INCIBE / CVELIST:CVE-2024-2001
History: Feb 29, 2024 - 1:30 p.m.

CVE-2024-2001 Cross-Site Scripting vulnerability in Cockpit CMS

2024-02-29 13:30:54
CWE-79
INCIBE
www.cve.org
cve-2024-2001
cross-site scripting
cockpit cms
infected pdf
javascript payload

CVSS3: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

EPSS: 0.0004 Low
Percentile: 9.0%

A Cross-Site Scripting vulnerability affects Cockpit CMS version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload that is executed when the file is uploaded.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cockpit CMS",
    "vendor": "Cockpit CMS",
    "versions": [
      {
        "status": "affected",
        "version": "2.7.0"
      }
    ]
  }
]
