An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the "to" parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
CVSS: 6.1
AI Score: 6.2
EPSS: 0.001
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.878
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.836
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS: 9.8
AI Score: 9.5
EPSS: 0.846