Moderate severityNVD Advisory· Published Feb 29, 2024· Updated Aug 1, 2024
Cross-Site Scripting vulnerability in Cockpit CMS
CVE-2024-2001
Description
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ghsa-coords
- Cockpit CMS/Cockpit CMSv5Range: 2.7.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.