File Upload Bypass Leads to Stored XSS in cockpit-hq/cockpit


Reported on

Aug 13th 2023


In the file upload feature, the system did not allow uploading files with extensions like html, ... But when uploading files with extension xhtml, it leads to XSS vulnerabilities.

Proof of Concept


Through the hole. attacker can execute malicious code

We are processing your report and will contact the cockpit-hq/cockpit team within 24 hours. a month ago
We have contacted a member of the cockpit-hq/cockpit team and are waiting to hear back a month ago
Artur validated this vulnerability a month ago
Nguyen Hoan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Artur marked this as fixed in 2.4.3 with commit 34ab31 a month ago
Artur has been awarded the fix bounty
This vulnerability has been assigned a CVE
Artur published this vulnerability a month ago
Assets.php#L140-L192 has been validated
to join this conversation