Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2018-15538

Published: 15/10/2018 Updated: 30/11/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

agentejo cockpit -

Exploits

Exploit DB: Cockpit CMS CSRF / XSS / Path Traversal
Cockpit CMS suffers from cross site request forgery, cross site scripting, and traversal vulnerabilities Version 062 should address these issues ...

Mailing Lists

Full Disclosure: Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540)
#1 Path Traversal CVE-2018-15540 It is possible to read/write/delete files or list directories by using "/" to traverse to other folders via requests to /cockpit/media/api Example of a vulnerable request: POST /cockpit/media/api HTTP/11 Host: 1921685129 User-Agent: Mozilla/50 (Windows NT 100; Win64; x6 ...

References

CWE-79http://seclists.org/fulldisclosure/2018/Oct/30https://nvd.nist.govhttp://seclists.org/fulldisclosure/2018/Oct/30
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802template injectionCVE-2024-0044code injectionCVE-2024-35474CVE-2024-27857CVE-2024-23251CVE-2024-23692physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook