Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
CVE-2023-4432

8.3HIGH

Key Information:

Vendor: Cockpit-hq
Status: Cockpit-hq/cockpit
Vendor: CVE Published:; 19 August 2023

What is CVE-2023-4432?

A reflected Cross-site Scripting (XSS) vulnerability exists in the Cockpit software, which could allow an attacker to inject malicious scripts into web pages viewed by users. This issue affects versions prior to 2.6.4, enabling potential exploitation if an attacker can trick a user into clicking a malicious link that processes arbitrary input. Prompt updates and security practices are essential to mitigate potential threats.

Affected Version(s)

cockpit-hq/cockpit < 2.6.4

References

https://huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8...

https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2023
Vulnerability Reserved
Aug 19, 2023

CVE-2023-4432 Data

JSON

Cockpit-hq

What is CVE-2023-4432?

Affected Version(s)

References

CVSS V3.1

Timeline