OSV:GHSA-Q76R-7P4Q-MQPW
Feb 29, 2024 - 3:32 p.m.

Cockpit CMS Cross-Site Scripting vulnerability

2024-02-29 15:32:26
Google
osv.dev
cross-site scripting
cockpit cms
version 2.7.0
file upload
javascript payload
security vulnerability
pdf infection

CVSS3: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score: 6.1 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

A Cross-Site Scripting vulnerability affects Cockpit CMS version 2.7.0. It could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.

CPE
Name: cockpit-hq/cockpit
Operator: eq
Version: 2.7.0
