Veracode Vulnerability Database | VERACODE:45719
History: Mar 01, 2024 - 9:33 a.m.

Cross Site Scripting (XSS)

2024-03-01 09:33:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
cockpit
cross site scripting
input validation
authenticated user
pdf file
javascript payload

CVSS3: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

cockpit-hq/cockpit is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate input validation, allowing an authenticated user to upload a PDF file containing a malicious JavaScript payload, which is executed upon file upload.
