cockpit-hq / cockpit
Project repository
Cockpit Core - Content Platform
FIRST INTERACTION WITHIN 1 DAY
REVIEW WITHIN 36 DAYS
FIX WITHIN 14 DAYS
File Upload Bypass Leads to Stored XSS
Aug 28th 2023
5h4s1
•
duplicate
High
Reflected XSS via pdf upload
Aug 22nd 2023
popcorn94
•
not applicable
stored xss in asset upload file
Aug 21st 2023
nyeooo
•
self closed
Reflected xss in installation space parameter
Aug 20th 2023
j0x1nx
•
Medium
•
CVE-2023-4451
Cross-site Scripting (XSS) - Reflected
Aug 19th 2023
5h4s1
•
High
•
CVE-2023-4432
File Upload Bypass Leads to Stored XSS
Aug 17th 2023
1dayluo
•
High
•
CVE-2023-4395
STORED XSS in File Upload
Aug 19th 2023
nyeooo
•
High
•
CVE-2023-4433
File Upload Bypass Leads to Stored XSS
Aug 14th 2023
5h4s1
•
High
•
CVE-2023-4321
Stored XSS Vulnerability in Display Name
Aug 13th 2023
cupc4k3
•
pending
MIME Sniffing: Able to upload XSS payload with any extension name
Aug 7th 2023
akshayravic09yc47
•
not applicable
Stored XSS via asset upload
Aug 7th 2023
akshayravic09yc47
•
not applicable
Cross-site Scripting (Stored XSS)
Aug 6th 2023
quanghuy25112000
•
High
•
CVE-2023-4196
File Upload Bypass Leads to Remote Code Execution (RCE)
Aug 6th 2023
quanghuy25112000
•
Critical
•
CVE-2023-4195
Unrestricted Upload of File with Dangerous Type Leads to Remote Code Execution (...
Aug 19th 2023
liteshghute
•
not applicable
RCE in file upload functionality due to incomplete fix for CVE-2023-1313.
Mar 17th 2023
tsarsecurity
•
not applicable
Arbitrary File Read Write and Delete at Finder Module
Mar 16th 2023
choocs
•
not applicable
Cross Site Scripting (XSS) in Assets
Aug 18th 2023
choocs
•
Medium
•
CVE-2023-4422
Insufficient Upload Filtering leads to RCE
Jul 12th 2024
choocs
•
self closed
File Upload Bypass Leads to Remote Code Execution (RCE)
Mar 10th 2023
choocs
•
High
•
CVE-2023-1313
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
Mar 3rd 2023
popcorn94
•
Medium
•
CVE-2023-1160
Authenticated Unrestricted File Upload with Remote Code Execution or XSS
Feb 13th 2023
popcorn94
•
pending
Stored xss via pdf upload
Feb 10th 2023
govindpalakkal
•
pending
Vulnerable to clickjacking
Feb 11th 2023
popcorn94
•
Medium
•
CVE-2023-0780
Session cookie without HTTPOnly and Secure Flag
Feb 11th 2023
popcorn94
•
not applicable
Privilege Escalation in the Cockpit CMS
Feb 9th 2023
cupc4k3
•
Medium
•
CVE-2023-0759
Exposure of Sensitive Information to an Unauthorized Actor
Sep 9th 2022
whoisshuvam
•
not applicable
2FA Bypass in Cockpit Content Platform ≤ v2.2.1
Aug 12th 2022
whoisshuvam
•
Critical
•
CVE-2022-2818
Insufficient Session Expiration After Password Change
Aug 7th 2022
whoisshuvam
•
High
•
CVE-2022-2713
CRITICAL: $0
HIGH: $0
MEDIUM: $0
LOW: $0