Page 3 of 31 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. • https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0 https://www.ghostccamm.com/blog/multi_cockpit_vulns •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. • https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.6.0 https://www.ghostccamm.com/blog/multi_cockpit_vulns • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. • https://github.com/cockpit-hq/cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592 https://huntr.dev/bounties/f73eef49-004f-4b3b-9717-90525e65ba61 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. • https://github.com/cockpit-hq/cockpit/commit/690016208850f2d788ebc3c67884d4c692587eb8 https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87 • CWE-1103: Use of Platform-Dependent Third Party Components •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. • https://github.com/agentejo/cockpit/blob/f7cd602bcc6134657ccfeb4e400b0050943dd243/assets/lib/uikit/js/components/htmleditor.js https://github.com/agentejo/cockpit/commit/0c6628cbff3e49bc317c97b03a4666b3a75f76cc https://securitylab.github.com/advisories/GHSL-2021-1035_Cockpit_Next • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •