Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).
Metrics
Affected Vendors & Products
References
History
No history.
![cve-icon](/static/img/cve-icon.png)
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-20T20:00:00
Updated: 2024-08-05T12:40:46.680Z
Reserved: 2018-08-02T00:00:00
Link: CVE-2018-1000225
![cve-icon](/static/img/cisa-icon.png)
No data.
![cve-icon](/static/img/nvd-icon.png)
Status : Modified
Published: 2018-08-20T20:29:01.720
Modified: 2024-11-21T03:39:58.480
Link: CVE-2018-1000225
![cve-icon](/static/img/redhat-icon.png)