Vulnerability Description
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Agentejo | Cockpit | <= 0.12.2 |
Related Weaknesses (CWE)
References
- https://github.com/agentejo/cockpit/blob/f7cd602bcc6134657ccfeb4e400b0050943dd24 (Patch, Third Party Advisory)
- https://github.com/agentejo/cockpit/commit/0c6628cbff3e49bc317c97b03a4666b3a75f7 (Patch, Third Party Advisory)
- https://securitylab.github.com/advisories/GHSL-2021-1035_Cockpit_Next/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-32857?
CVE-2021-32857 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-si...
How severe is CVE-2021-32857?
CVE-2021-32857 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-32857?
Check the references section above for vendor advisories and patch information. Affected products include: Agentejo Cockpit.