File Upload Bypass Leads to Stored XSS in cockpit-hq/cockpit

Valid

Reported on

Aug 13th 2023


Description

In the file upload feature, the system did not allow uploading files with extensions like html, ... But uploading files with the extension xhtml leads to XSS vulnerabilities.

Proof of Concept

https://drive.google.com/file/d/1_MTa4st4POafaUAwn17n7ygp_TrF9BXp/view?usp=sharing

Impact

Through this hole, an attacker can execute malicious code.
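
An added example, not part of the original report and not Cockpit's own code: it shows why an upload check that names html as forbidden still admits xhtml, next to an allowlist check and download headers that close the gap. The extension lists, function names and sample filenames are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical lists for illustration; not taken from Cockpit's source.
const BLOCKED_EXTENSIONS = ['html', 'htm', 'php', 'js'];
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'txt'];

/** Normalised final extension, or '' when the name has none. */
function uploadExtension(string $filename): string
{
    // Drop any client-supplied path, then trailing dots and spaces.
    $name = rtrim(basename(str_replace('\\', '/', $filename)), '. ');
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

/** Blocklist check: accepts anything that is not explicitly named. */
function passesBlocklist(string $filename): bool
{
    return !in_array(uploadExtension($filename), BLOCKED_EXTENSIONS, true);
}

/** Allowlist check: accepts only extensions the application expects. */
function passesAllowlist(string $filename): bool
{
    return in_array(uploadExtension($filename), ALLOWED_EXTENSIONS, true);
}

/** Headers that make the browser download a stored file instead of rendering it. */
function downloadHeaders(string $filename): array
{
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filename));
    return [
        'Content-Type: application/octet-stream',
        'Content-Disposition: attachment; filename="' . $safe . '"',
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed sample filenames.
foreach (['page.html', 'page.xhtml', 'PAGE.XHTML', 'photo.png', 'notes'] as $file) {
    printf("%-12s blocklist=%-6s allowlist=%s\n",
        $file,
        passesBlocklist($file) ? 'accept' : 'reject',
        passesAllowlist($file) ? 'accept' : 'reject');
}
```

The blocklist accepts both xhtml names because that extension was never listed, while the allowlist rejects them along with the extensionless name.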

We are processing your report and will contact the cockpit-hq/cockpit team within 24 hours. 4 months ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 4 months ago
We have contacted a member of the cockpit-hq/cockpit team and are waiting to hear back 4 months ago
Artur validated this vulnerability 4 months ago
Nguyen Hoan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Artur marked this as fixed in 2.4.3 with commit 34ab31 4 months ago
Artur has been awarded the fix bounty
This vulnerability has been assigned a CVE
Artur published this vulnerability 4 months ago
Assets.php#L140-L192 has been validated