Show filters
28 Total Results
Displaying 1-10 of 28
Sort by:
Attacker Value
High

CVE-2020-35846

Disclosure Date: December 30, 2020 (last updated February 22, 2025)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
3
1
Attacker Value
Unknown

CVE-2020-35847

Disclosure Date: December 30, 2020 (last updated February 22, 2025)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
Unknown

CVE-2024-4825

Disclosure Date: May 14, 2024 (last updated May 15, 2024)
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.
0
0
Attacker Value
Unknown

CVE-2023-41564

Disclosure Date: September 08, 2023 (last updated October 08, 2023)
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-4451

Disclosure Date: August 20, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-4433

Disclosure Date: August 19, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-4432

Disclosure Date: August 19, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-4422

Disclosure Date: August 18, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-4395

Disclosure Date: August 17, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-4321

Disclosure Date: August 14, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  Next >