Agentejo Cockpit Security Vulnerabilities

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists of an arbitrary file upload through the ‘/media/api’ parameter via a POST request. An attacker could upload files to the server, compromising the entire infrastructure.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2024-05-14

A Cross-Site Scripting vulnerability in Cockpit CMS affects version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2024-02-29

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.
CVSS Score: 6.1
EPSS Score: 0.201
Published: 2023-09-08

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVSS Score: 6.1
EPSS Score: 0.416
Published: 2023-08-20

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVSS Score: 8.3
EPSS Score: 0.003
Published: 2023-08-19

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVSS Score: 8.3
EPSS Score: 0.002
Published: 2023-08-19

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2023-08-18

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVSS Score: 8.1
EPSS Score: 0.001
Published: 2023-08-17

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
CVSS Score: 8.3
EPSS Score: 0.003
Published: 2023-08-14

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVSS Score: 9.9
EPSS Score: 0.006
Published: 2023-08-06