AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.
github.com/LongHair00/Mitre_opensource_report/blob/main/CockpitCMS-StoredXSS.md