Cockpit CMS Cross-Site Scripting Vulnerability Affects Version 2.7.0
CVE-2024-2001

5.4MEDIUM

Key Information:

Vendor: Cockpit Cms
Status: Cockpit Cms
Vendor: CVE Published:; 29 February 2024

🔔 Create Cockpit Cms Vulnerability Alert

What is CVE-2024-2001?

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.

Affected Version(s)

Cockpit CMS 2.7.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 29, 2024

Credit

Sergio Román Hurtado

CVE-2024-2001 Data

JSON