 
                        We found results for “”
CVE-2025-7053
Good to know:
 
                                    Date: July 3, 2025
A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.11.4 is able to address this issue. The patch is named bdcd5e3bc651c0839c7eea807f3eb6af856dbc76. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional. A patch and new release was made available very quickly.
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Top Fix
 
                                    CVSS v3.1
| Base Score: |  | 
|---|---|
| Attack Vector (AV): | NETWORK | 
| Attack Complexity (AC): | LOW | 
| Privileges Required (PR): | LOW | 
| User Interaction (UI): | REQUIRED | 
| Scope (S): | UNCHANGED | 
| Confidentiality (C): | NONE | 
| Integrity (I): | LOW | 
| Availability (A): | NONE | 
 Vulnerabilities
                        Vulnerabilities
                 Projects
                        Projects
                 Vulnerability Disclosure
                        Vulnerability Disclosure
                 About Us
                    About Us
                 Contact Us
                    Contact Us
                

