Known Vulnerabilities for products from Agentejo

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Agentejo".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-41564 | An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitra... | 6.1 - MEDIUM | 2023-09-08 | 2023-09-13 |
| CVE-2023-37650 | A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administr... | 8.8 - HIGH | 2023-07-20 | 2023-07-26 |
| CVE-2023-37649 | Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensi... | 7.5 - HIGH | 2023-07-20 | 2023-07-26 |
| CVE-2023-4451 | Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | 6.1 - MEDIUM | 2023-08-20 | 2023-08-24 |
| CVE-2023-4433 | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | 5.4 - MEDIUM | 2023-08-19 | 2023-08-23 |
| CVE-2023-4432 | Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | 6.1 - MEDIUM | 2023-08-19 | 2023-08-23 |
| CVE-2023-4422 | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | 4.8 - MEDIUM | 2023-08-18 | 2023-08-22 |
| CVE-2023-4395 | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | 5.4 - MEDIUM | 2023-08-17 | 2023-08-22 |
| CVE-2023-4321 | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. | 6.1 - MEDIUM | 2023-08-14 | 2023-08-22 |
| CVE-2023-4196 | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | 5.4 - MEDIUM | 2023-08-06 | 2023-08-10 |
| CVE-2023-4195 | PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | 8.8 - HIGH | 2023-08-06 | 2023-08-10 |
| CVE-2023-1313 | Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. | 8.8 - HIGH | 2023-03-10 | 2023-03-15 |
| CVE-2023-1160 | Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. | 5.5 - MEDIUM | 2023-03-03 | 2023-03-14 |
| CVE-2023-0780 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | 5.4 - MEDIUM | 2023-02-11 | 2023-02-22 |
| CVE-2023-0759 | Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. | 8.8 - HIGH | 2023-02-09 | 2023-02-16 |
| CVE-2022-2818 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. ... | 8.8 - HIGH | 2022-08-15 | 2023-08-02 |
| CVE-2022-2713 | Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. | 9.8 - CRITICAL | 2022-08-08 | 2022-08-12 |
| CVE-2021-32857 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2023-02-21 | 2023-03-02 |
| CVE-2020-35848 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | 9.8 - CRITICAL | 2020-12-30 | 2022-04-05 |
| CVE-2020-35847 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | 9.8 - CRITICAL | 2020-12-30 | 2022-04-05 |

Known software with vulnerabilities from Agentejo

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Agentejo | Cockpit | - |