CVE-2023-41564
https://notcve.org/view.php?id=CVE-2023-41564
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. Una vulnerabilidad de carga de archivos arbitrarios en la función Upload Asset de Cockpit CMS v2.6.3 permite a los atacantes ejecutar código arbitrario cargando un archivo .shtml manipulado. • https://github.com/LongHair00/Mitre_opensource_report/blob/main/CockpitCMS-StoredXSS.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-4451 – Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4451
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c https://huntr.dev/bounties/4e111c3e-6cf3-4b4c-b3c1-a540bf30f8fa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4433 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4433
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Cross-Site Scripting (XSS) almacenado en el repositorio de GitHub cockpit-hq/cockpit anterior a 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c https://huntr.dev/bounties/64f3253d-6852-4b9f-b870-85e896007b1a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4432 – Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4432
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el repositorio de GitHub cockpit-hq/cockpit anterior a 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195 https://huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4395 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4395
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c https://huntr.dev/bounties/60e38563-7ac8-4a13-ac04-2980cc48b0da • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •