{"id":7540,"date":"2025-07-03T21:45:41","date_gmt":"2025-07-03T21:45:41","guid":{"rendered":"http:\/\/localhost\/?p=7540"},"modified":"2025-07-03T21:45:41","modified_gmt":"2025-07-03T21:45:41","slug":"cockpit-save-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7540","title":{"rendered":"Cockpit save cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nCockpit save cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-04T02:02:05.755Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-04T02:02:05.755Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nn\/a<\/td>\n<\/tr>\n
Product<\/th>\nCockpit<\/td>\n<\/tr>\n
Version<\/th>\n2.11.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:X<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting vulnerability in Cockpit versions up to 2.11.3 allows remote attackers to inject malicious scripts via the name or email arguments. This issue can be exploited without authentication and requires no special privileges. The vulnerability is fixed in version 2.11.4.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nCockpit Project<\/td>\n<\/tr>\n
AI Product<\/th>\nCockpit<\/td>\n<\/tr>\n
AI Version<\/th>\n2.11.0, 2.11.1, 2.11.2, 2.11.3<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n