CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37650
https://notcve.org/view.php?id=CVE-2023-37650
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. • https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0 https://www.ghostccamm.com/blog/multi_cockpit_vulns • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1313 – Unrestricted Upload of File with Dangerous Type in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-1313
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. • https://github.com/cockpit-hq/cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592 https://huntr.dev/bounties/f73eef49-004f-4b3b-9717-90525e65ba61 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1160 – Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-1160
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. • https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8 https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87 • CWE-1103: Use of Platform-Dependent Third Party Components •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32857 – Cockpit vulnerable to Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-32857
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. • https://github.com/agentejo/cockpit/blob/f7cd602bcc6134657ccfeb4e400b0050943dd243/assets/lib/uikit/js/components/htmleditor.js https://github.com/agentejo/cockpit/commit/0c6628cbff3e49bc317c97b03a4666b3a75f76cc https://securitylab.github.com/advisories/GHSL-2021-1035_Cockpit_Next • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0780 – Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-0780
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. • https://github.com/cockpit-hq/cockpit/commit/8450bdf7e1dc23e9d88adf30a2aa9101c0c41720 https://huntr.dev/bounties/801efd0b-404b-4670-961a-12a986252fa4 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •