Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the save process in the /system/users/save path when handling the name or email arguments. An attacker can inject arbitrary web script or HTML by submitting crafted input to these parameters. Details...

Cockpit 代码注入漏洞

Cockpit is an interactive server management interface for Cockpit open source. A code injection vulnerability exists in Cockpit 2.11.3 and earlier versions, which stems from a cross-site scripting attack due to incorrect manipulation of the parameters name/email in the file /system/users/save...