Vulnerabilities > IT Novum > Openitcockpit > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-06 CVE-2023-3520 Unspecified vulnerability in It-Novum Openitcockpit
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.
network
low complexity
it-novum
4.6
4.6
2023-06-13 CVE-2023-3218 Unspecified vulnerability in It-Novum Openitcockpit
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.
network
high complexity
it-novum
4.4
4.4
2020-03-25 CVE-2020-10791 Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
network
low complexity
it-novum CWE-918
6.5
6.5
2020-03-25 CVE-2020-10790 Cross-site Scripting vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
network
low complexity
it-novum CWE-79
5.4
5.4
2019-12-31 CVE-2019-10227 Cross-site Scripting vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
network
low complexity
it-novum CWE-79
6.1
6.1
2019-08-23 CVE-2019-15492 Cross-site Scripting vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.
network
low complexity
it-novum CWE-79
6.1
6.1