PT-2024-18497 · Unknown · Cockpit Cms

Sergio Román Hurtado · Published 2024-02-29 · Updated 2024-02-29 · CVE-2024-2001

CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Cockpit CMS version 2.7.0
Description: A Cross-Site Scripting issue in Cockpit CMS could allow an authenticated user to upload a PDF file carrying a malicious JavaScript payload, which is stored and executed when the file is uploaded.
Recommendations: For version 2.7.0, consider disabling the file upload feature until a patch is available, to prevent exploitation of this issue. Restrict access to the areas where file uploads are possible, to minimize the risk of a malicious JavaScript payload being executed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
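As an added mitigation example (not part of this advisory and not Cockpit CMS code), the following upload-side check rejects PDFs that carry active content such as JavaScript or auto-run actions, which is the class of file described above. The sample PDFs are constructed for the example; it normalises the #xx hex escapes PDF permits in name objects so that obfuscated names like /J#61vaScript are still recognised.

```python
"""Reject PDF uploads that carry active content (JavaScript / auto-actions).

Added example, not Cockpit's code. It scans the raw bytes for PDF name objects
that give a document active behaviour, decoding #xx escapes first (ISO 32000,
7.3.5) so that /J#61vaScript is recognised as /JavaScript.
"""
import re

# Name objects that make a PDF run code or trigger actions when opened.
ACTIVE_NAMES = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch"}

# A PDF name: '/' followed by regular characters, possibly containing #xx escapes.
_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx hex escapes inside a PDF name object."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def find_active_content(pdf: bytes) -> set:
    """Return the set of active-content names found (empty means none seen)."""
    found = set()
    for m in _NAME_RE.finditer(pdf):
        name = normalize_name(m.group(0))
        if name in ACTIVE_NAMES:
            found.add(name.decode("ascii"))
    return found


def is_upload_allowed(data: bytes) -> bool:
    """Upload policy: must look like a PDF and carry no active content."""
    if not data.startswith(b"%PDF-"):
        return False
    return not find_active_content(data)


# Constructed sample files (not real uploads).
CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF"
SCRIPTED_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                b"2 0 obj << /S /JavaScript /JS (1) >> endobj\n%%EOF")
OBFUSCATED_PDF = b"%PDF-1.7\n1 0 obj << /S /J#61vaScript /J#53 (1) >> endobj\n%%EOF"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PDF), ("scripted", SCRIPTED_PDF),
                          ("obfuscated", OBFUSCATED_PDF)):
        print(label, "allowed" if is_upload_allowed(sample) else "rejected",
              sorted(find_active_content(sample)))
```

This raw-byte scan does not inspect compressed object streams, so it is a first-pass filter rather than a complete parser; serving uploads with `Content-Disposition: attachment` from a separate origin removes the browser-side execution path regardless of file content.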

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-2001
GHSA-Q76R-7P4Q-MQPW

Affected Products

Cockpit Cms