CVE-2024-2001Cross-site Scripting in CMS

CWE-79Cross-site ScriptingCWE-20Improper Input Validation5 documents5 sources
Severity
5.4MEDIUMNVD
CNA5.5
EPSS
0.1%
top 74.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cockpit CMSAgentejo Cockpit
Timeline
PublishedFeb 29

Description

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDagentejo/cockpit2.7.0
CVEListV5cockpit_cms/cockpit_cms2.7.0

🔴Vulnerability Details

3
GHSA
Cockpit CMS Cross-Site Scripting vulnerability2024-02-29
OSV
Cockpit CMS Cross-Site Scripting vulnerability2024-02-29
CVEList
Cross-Site Scripting vulnerability in Cockpit CMS2024-02-29
CVE-2024-2001 — Cross-site Scripting in Cockpit CMS | cvebase