N/A

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to be exploitable via "network connectivity". Sending unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).

N/A

N/A

Cobbler 跨站脚本漏洞

Cobbler是一款网络安装服务器套件，它能够快速建立Linux网络安装环境。 Cobbler 2.0.0+及之前版本中的cobbler-web存在跨站脚本漏洞。远程攻击者可通过向Cobbler XMLRPC API(/cobbler-api)发送未经认证的JavaScript载荷利用该漏洞获取管理员权限。

N/A

N/A