CVE-2023-4432 | THREATINT

Description

Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

PUBLISHED Reserved 2023-08-19 | Published 2023-08-19 | Updated 2024-10-02 | Assigner @huntrdev

HIGH: 8.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Any version before 2.6.4

affected

References

huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f

github.com/...ommit/2a93d391fbd2dd9e730f65d43b29beb65903d195

huntr.dev/bounties/69684663-6822-41ff-aa05-afbdb8f5268f

github.com/...ommit/2a93d391fbd2dd9e730f65d43b29beb65903d195

cve.org (CVE-2023-4432)

nvd.nist.gov (CVE-2023-4432)

Download JSON

help @ threatint.eu