CVE-2024-4825 – Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo
https://notcve.org/view.php?id=CVE-2024-4825
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists of an arbitrary file upload via a POST request to the '/media/api' endpoint. An attacker could upload files of any type to the server, compromising the entire infrastructure. Cockpit 0.5.x (agentejo/cockpit) is an older code base than the cockpit-hq/cockpit 2.x releases in the entries below, so the 2.6.4 fixes referenced there are unrelated to this version line. • https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-41564
https://notcve.org/view.php?id=CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code by uploading a crafted .shtml file. Server-side include directives in a .shtml file only run where the web server is configured to process that extension, so exploitability depends on the deployment; the upload of an executable type is the defect regardless. • https://github.com/LongHair00/Mitre_opensource_report/blob/main/CockpitCMS-StoredXSS.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
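The control missing from the two CWE-434 entries above (CVE-2024-4825 and CVE-2023-41564), as an added example that is not Cockpit's own code: an upload validator that decides the file type from an allow-list of extensions plus the file's own leading bytes, ignores the client-supplied name and Content-Type for that decision, and stores the file under a server-chosen name so that .php, .shtml and double-extension names never reach the web root. Cockpit itself is PHP; this Python block illustrates the check, not its implementation in that code base. The upload directory, sample file names and byte strings are constructed for the demonstration.

```python
"""Allow-list validation for a media upload endpoint.

Added example, not code from Cockpit CMS. Shows the check whose absence
produces CWE-434: the file type is derived from an allow-list of extensions
and from the file's leading bytes, and the stored name is server-generated.
"""
import os
import secrets

# Extensions a media library legitimately needs. Everything else is refused,
# which covers .php/.phtml (PHP), .shtml (server-side includes), .htaccess,
# and .svg (may carry script). Constructed list for the example.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp", "pdf"}

# Leading bytes expected for each allowed extension.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "webp": (b"RIFF",),   # RIFF<size>WEBP; the WEBP tag is checked separately
    "pdf": (b"%PDF-",),
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def vulnerable_destination(upload_dir: str, client_name: str) -> str:
    """The anti-pattern behind an arbitrary upload: the client's file name is
    trusted as-is, so 'shell.php' or 'page.shtml' lands in the web root."""
    return os.path.join(upload_dir, client_name)


def validate_upload(client_name: str, data: bytes) -> str:
    """Return the allowed extension for this upload, or raise UploadRejected."""
    # Strip any directory component the client may have sent ('../x.png').
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or base in (".", ".."):
        raise UploadRejected("empty file name")
    # NUL or other control bytes ('shell.php\x00.jpg') are never legitimate.
    if any(ord(ch) < 32 or ch == "\x7f" for ch in base):
        raise UploadRejected("control character in file name")
    if "." not in base:
        raise UploadRejected("no extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension .{ext} not allowed")
    # The content must agree with the extension; the Content-Type header the
    # client sent is not consulted at all.
    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        raise UploadRejected(f"content does not look like .{ext}")
    if ext == "webp" and data[8:12] != b"WEBP":
        raise UploadRejected("RIFF container is not WEBP")
    return ext


def safe_destination(upload_dir: str, client_name: str, data: bytes) -> str:
    """Validate, then store under a server-generated name so that neither the
    client's base name nor a double extension ('x.php.jpg') survives."""
    ext = validate_upload(client_name, data)
    return os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")


if __name__ == "__main__":
    # Constructed sample uploads: (client-supplied name, leading bytes).
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("page.shtml", b'<!--#echo var="DATE_LOCAL" -->'),
        ("shell.php", b"<?php echo 'x'; ?>"),
        ("image.php.jpg", b"\xff\xd8\xff\xe0"),   # accepted but renamed
        ("fake.jpg", b"<?php echo 1; ?>"),        # extension lies about content
        ("shell.php\x00.jpg", b"\xff\xd8\xff\xe0"),
    ]
    for name, blob in samples:
        try:
            dest = safe_destination("/var/www/storage", name, blob)
            print(f"{name!r:24} -> stored as {dest}")
        except UploadRejected as why:
            print(f"{name!r:24} -> rejected: {why}")
```

The two layers matter together: the allow-list alone still lets 'fake.jpg' containing PHP through to disk, which is harmless only if the server never interprets it, while the server-chosen name is what makes 'image.php.jpg' safe on hosts where mod_mime would otherwise treat it as PHP. Ideally the storage directory also sits outside the document root and is served without any script handler.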
CVE-2023-4451 – Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4451
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c https://huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4433 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4433
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c https://huntr.dev/bounties/64f3253d-6852-4b9f-b870-85e896007b1a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4432 – Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4432
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195 https://huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •