Cross-site Scripting (Stored XSS) in cockpit-hq/cockpit

Valid

Reported on

Aug 5th 2023


Description

For any role that has permission to execute function assets, I can upload an HTML file, and that leads to XSS.

Proof of Concept

  1. Link PoC: https://docs.google.com/document/d/1pZAi6PZiBmN3yNsBmY8Z9Qd3_hv-8zPHUh69h-i1rvA/edit?usp=sharing
  2. Link video PoC: https://photos.app.goo.gl/XhZa1LTUN9265L667

Impact

Through this vulnerability, an attacker is capable of executing malicious scripts.
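As an added illustration (not Cockpit's own code and not the fix committed in Assets.php, which this page does not show), the Python below sketches the two controls that close this class of bug: classifying an uploaded asset as active content by extension and by sniffing its leading bytes, and serving such assets so a browser never renders them in the application's origin. The sample uploads are constructed for the example.

```python
import re

# Constructed sample uploads (not from the report), name -> leading bytes.
SAMPLES = {
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "page.html": b"<!DOCTYPE html><html><body>hello</body></html>",
    "notes.txt": b"plain text, nothing a browser would render as a document",
    # HTML body behind an image extension: an extension-only check misses it.
    "photo.jpg": b"  \n<html><body>not really an image</body></html>",
}

# Extensions a browser renders as a document, so any stored script would run
# in the origin that serves the asset.
ACTIVE_EXTENSIONS = {"html", "htm", "xhtml", "xht", "shtml", "svg", "xml"}

# Leading markers that browser MIME sniffing treats as HTML/SVG.
HTML_MARKERS = re.compile(
    rb"\s*<(!doctype\s+html|html|head|body|script|svg|iframe|object|embed)\b",
    re.IGNORECASE,
)


def is_active_content(filename: str, data: bytes) -> bool:
    """True if the upload would execute script when opened in a browser,
    judged by extension and by the first KiB of content."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in ACTIVE_EXTENSIONS:
        return True
    return HTML_MARKERS.match(data[:1024]) is not None


def safe_filename(filename: str) -> str:
    """Strip anything that could break out of the Content-Disposition value."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"


def serving_headers(filename: str, data: bytes, declared_type: str) -> dict:
    """Headers for serving a stored asset. Active content is never rendered
    inline: it is forced to download with an inert type, and nosniff stops
    the browser from second-guessing that decision."""
    headers = {"X-Content-Type-Options": "nosniff"}
    if is_active_content(filename, data):
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_filename(filename)}"'
        headers["Content-Security-Policy"] = "sandbox"
    else:
        headers["Content-Type"] = declared_type
        headers["Content-Disposition"] = "inline"
    return headers
```

Rejecting active content at upload time is the stronger option; the serving headers are the backstop for assets that are already stored.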

Timeline

We are processing your report and will contact the cockpit-hq/cockpit team within 24 hours. (2 months ago)
We have contacted a member of the cockpit-hq/cockpit team and are waiting to hear back. (a month ago)
Artur validated this vulnerability. (a month ago)
quanghuy25112000 has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
The researcher's credibility has increased: +7
Artur marked this as fixed in 2.6.3 with commit 039a00. (a month ago)
Artur has been awarded the fix bounty.
This vulnerability has been assigned a CVE.
Artur published this vulnerability. (a month ago)
Assets.php#L140-L192 has been validated.