Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
CVE-2023-4395

8.1HIGH

Key Information:

Vendor: Cockpit-hq
Status: Cockpit-hq/cockpit
Vendor: CVE Published:; 17 August 2023

What is CVE-2023-4395?

Stored Cross-Site Scripting (XSS) vulnerability in the Cockpit application allows attackers to inject malicious scripts into web pages viewed by users. This can lead to unauthorized actions on behalf of users or the leakage of sensitive information. The vulnerability affects versions prior to 2.6.4 and is documented in the GitHub repository cockpit-hq/cockpit.

Affected Version(s)

cockpit-hq/cockpit < 2.6.4

References

https://huntr.dev/bounties/60e38563-7ac8-4a13-ac04-2980cc...

https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cb...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
Aug 17, 2023

CVE-2023-4395 Data

JSON

Cockpit-hq

What is CVE-2023-4395?

Affected Version(s)

References

CVSS V3.1

Timeline