CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4395 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4395
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c https://huntr.dev/bounties/60e38563-7ac8-4a13-ac04-2980cc48b0da • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4321 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4321
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. • https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249 https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4196 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4196
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. • https://github.com/cockpit-hq/cockpit/commit/039a00cc310bff128ca6e6c1c46c6fbad0385c2c https://huntr.dev/bounties/c275a2d4-721f-49f7-8787-b146af2056a0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4195 – PHP Remote File Inclusion in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4195
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. • https://github.com/cockpit-hq/cockpit/commit/800c05f1984db291769ffa5fdfb1d3e50968e95b https://huntr.dev/bounties/0bd5da2f-0e29-47ce-90f3-06518656bfd6 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37649
https://notcve.org/view.php?id=CVE-2023-37649
Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. • https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0 https://www.ghostccamm.com/blog/multi_cockpit_vulns •