Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-06	CVE-2023-3520	Unspecified vulnerability in It-Novum Openitcockpit Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. network low complexity it-novum	4.6
2023-06-13	CVE-2023-3218	Unspecified vulnerability in It-Novum Openitcockpit Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. network high complexity it-novum	4.4
2020-03-25	CVE-2020-10791	Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. network low complexity it-novum CWE-918	6.5
2020-03-25	CVE-2020-10790	Cross-site Scripting vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. network low complexity it-novum CWE-79	5.4
2019-12-31	CVE-2019-10227	Cross-site Scripting vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. network low complexity it-novum CWE-79	6.1
2019-08-23	CVE-2019-15492	Cross-site Scripting vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. network low complexity it-novum CWE-79	6.1