Cockpit Security Vulnerabilities and Issues — Cockpit CVE List

Lucene search

AgentejoCockpit

6 matches found

CVE•added 2023/08/18 7:15 p.m.•126 views

CVE-2023-4422

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

6.8CVSS5AI score0.00098EPSS

CVE•added 2023/08/20 3:15 p.m.•66 views

CVE-2023-4451

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

6.1CVSS6AI score0.41626EPSS

CVE•added 2023/09/08 11:15 p.m.•55 views

CVE-2023-41564

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

6.1CVSS6.6AI score0.20137EPSS

CVE•added 2020/06/17 8:15 p.m.•54 views

CVE-2020-14408

An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.

6.1CVSS6.2AI score0.01606EPSS

CVE•added 2023/02/21 3:15 p.m.•40 views

CVE-2021-32857

Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.

6.1CVSS6AI score0.00477EPSS

CVE•added 2018/10/15 7:29 p.m.•32 views

CVE-2018-15538

Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.

6.1CVSS6.2AI score0.00328EPSS