Lucene search

Veracode Vulnerability DatabaseVERACODE:42881

HistoryAug 22, 2023 - 10:33 a.m.

Cross-site Scripting (XSS)

2023-08-2210:33:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

xss

user inputs

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

cockpit-hq/cockpit is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the index.php due to lack of sanitization of user inputs during installation which allows an attacker to inject and execute arbitrary javascript into a victims browser.

CPENameOperatorVersion
cockpit-hq/cockpitle2.6.3
cockpit-hq/cockpitle2.6.3

CPE	Name	Operator	Version
	cockpit-hq/cockpit	le	2.6.3
	cockpit-hq/cockpit	le	2.6.3

References

github.com/advisories/GHSA-g3mv-64h3-h482

github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c

huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa

huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for VERACODE:42881