Cockpit Security Vulnerabilities - 2020


CVE-2020-14408

An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.

CVSS: 6.1

AI Score: 6.2

EPSS: 0.001

2020-06-17 08:15 PM

CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

CVSS: 9.8

AI Score: 9.4

EPSS: 0.878

2020-12-30 01:15 AM

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

CVSS: 9.8

AI Score: 9.4

EPSS: 0.836

2020-12-30 01:15 AM

CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

CVSS: 9.8

AI Score: 9.5

EPSS: 0.846

2020-12-30 01:15 AM