Agentejo Cockpit vulnerabilities
33 known vulnerabilities affecting agentejo/cockpit.
Total CVEs: 33
CISA KEV: 0
Public exploits: 6
Exploited in wild: 1
Severity breakdown
CRITICAL 7, HIGH 9, MEDIUM 16, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2025-7053 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 2.11.3, v2.11.0 +3 more | 2025-07-04
A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.11.4 is able to address this issue. The patch is named bdc
nvd
CVE-2021-32857 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 0.12.2 | 2023-02-21
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
nvd
CVE-2023-4321 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2.4.3 | 2023-08-14
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
nvd
CVE-2023-4432 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 2.6.3 | 2023-08-19
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
nvd
CVE-2023-4395 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.6.4 | 2023-08-17
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
nvd
CVE-2023-4433 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 2.6.3 | 2023-08-19
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
nvd
CVE-2023-4196 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.6.3 | 2023-08-06
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
nvd
CVE-2024-2001 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v2.7.0 | 2024-02-29
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
nvd
CVE-2023-0780 | P4 | MEDIUM | CVSS 5.4 | CWE-1021 | fixed in 2.3.9 | 2023-02-11
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
nvd
CVE-2023-1160 | P4 | MEDIUM | CVSS 5.5 | CWE-1103 | ≤ 2.3.9 | 2023-03-03
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.
nvd
CVE-2023-4422 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2.6.3 | 2023-08-18
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
nvd
CVE-2021-3660 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 254-1 | 2022-03-10
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks.
osv
CVE-2024-6126 | P4 | LOW | CVSS 3.2 | ≥ 0, < 287.1-0+deb12u3; ≥ 0, < 320-1 | 2024-07-03
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
osv