2 matches found
CVE-2024-2001 Cross-Site Scripting vulnerability in Cockpit CMS
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded...
CVE-2024-2001
Cockpit CMS CVE-2024-2001 is a documented XSS in Cockpit CMS 2.7.0 where an authenticated user can upload a PDF containing a malicious JavaScript payload, stored and executed on upload. The issue affects the file upload handling and input validation as described in multiple sources (NVD entry, GH...