CVE-2021-32857

Name of the Vulnerable Software and Affected Versions Cockpit versions 0.12.2 and prior

Description Cockpit is a content management system that allows addition of content management functionality to any site. In the affected versions, bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues.

Recommendations For Cockpit versions 0.12.2 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the htmleditor.js function until a patch is available. Restrict access to the htmleditor.js module to minimize the risk of exploitation.