Page 6 of 28 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-15538 – Cockpit CMS CSRF / XSS / Path Traversal

https://notcve.org/view.php?id=CVE-2018-15538

Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. Agentejo Cockpit tiene múltiples vulnerabilidades Cross-Site Scripting (XSS). Cockpit CMS suffers from cross site request forgery, cross site scripting, and traversal vulnerabilities. Version 0.6.2 should address these issues. • http://seclists.org/fulldisclosure/2018/Oct/30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-15540 – Cockpit CMS CSRF / XSS / Path Traversal

https://notcve.org/view.php?id=CVE-2018-15540

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal. Agentejo Cockpit realiza acciones en archivos sin una validación apropiada y, por lo tanto, permite que un atacante salte el sistema de archivos a ubicaciones no planeadas y/o acceda a archivos arbitrarios. Esto también se conoce como salto de directorio en /media/api. Cockpit CMS suffers from cross site request forgery, cross site scripting, and traversal vulnerabilities. Version 0.6.2 should address these issues. • http://seclists.org/fulldisclosure/2018/Oct/30 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-14611 – Cockpit CMS 0.5.5 Server-Side Request Forgery

https://notcve.org/view.php?id=CVE-2017-14611

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. SSRF (Server Side Request Forgery) en Cockpit 0.13.0 permite que atacantes remotos lean archivos arbitrarios o envíen tráfico TCP a los hosts de la intranet mediante el parámetro url. Esto está relacionado con el uso del componente descontinuado aheinze/fetch_url_contents. Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability. • http://seclists.org/fulldisclosure/2018/Apr/15 • CWE-918: Server-Side Request Forgery (SSRF) •