28 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure. Se ha descubierto una vulnerabilidad en Agentejo Cockpit CMS v0.5.5 que consiste en la carga de un archivo arbitrario en el parámetro '/media/api' mediante post request. Un atacante podría subir archivos al servidor, comprometiendo toda la infraestructura. • https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. Una vulnerabilidad de carga de archivos arbitrarios en la función Upload Asset de Cockpit CMS v2.6.3 permite a los atacantes ejecutar código arbitrario cargando un archivo .shtml manipulado. • https://github.com/LongHair00/Mitre_opensource_report/blob/main/CockpitCMS-StoredXSS.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c https://huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Cross-Site Scripting (XSS) almacenado en el repositorio de GitHub cockpit-hq/cockpit anterior a 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c https://huntr.dev/bounties/64f3253d-6852-4b9f-b870-85e896007b1a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el repositorio de GitHub cockpit-hq/cockpit anterior a 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195 https://huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •