Agentejo: >> Cockpit >> 0.10.2 Security Vulnerabilities
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS Score
9.8
EPSS Score
0.92
Published
2020-12-30
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
CVSS Score
6.1
EPSS Score
0.016
Published
2020-06-17
Page 3