CNNVD-202507-382 Information
Jul 04, 2025
cve
CNNVD ID
CNNVD-202507-382
Related CVE
- CNNVD Published: 2025-07-04
Description (Chinese)
Cockpit是Cockpit开源的一个交互式服务器管理界面。 Cockpit 2.11.3及之前版本存在代码注入漏洞,该漏洞源于对文件/system/users/save中参数name/email的错误操作导致跨站脚本攻击。
Description (English)
Cockpit is an interactive server management interface for the cockpit open source. Cockpit 2.11.3 and previous versions contain a code-injection loophole, which results from an error in the parameter name/email in the file/system/user/save resulting in a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
Cockpit
Published
2025-07-04
Last Modified
2026-02-24
References
https://github.com/Cockpit-HQ/Cockpit/commit/bdcd5e3bc651c0839c7eea807f3eb6af856dbc76 https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.11.4 https://vuldb.com/?ctiid.314819 https://vuldb.com/?id.314819 https://vuldb.com/?submit.605594
Patch
https://github.com/Cockpit-HQ/Cockpit/releases
Share on: