Vulnerability CVE-2024-2001
Published: 2024-02-29

Description:
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cockpit-cms
Copyright 2026, cxsecurity.com

 

Back to Top