CVE-2023-41564

MEDIUM

Cockpit CMS 2.6.3 - Arbitrary File Upload via Asset Upload Function


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-41564. PoCs published by sota70.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2023-41564, a stored XSS vulnerability in Cockpit CMS (<= v2.6.3). It explains the root cause, attack flow, and includes code snippets from the vulnerable upload function.

Description

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

Exploits (1)

Writeup (nomisec) by sota70 · PoC
https://github.com/sota70/cve-2023-41564-research


Classification: Writeup (100%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Cockpit CMS <= v2.6.3
Auth required: yes
Prerequisites: File upload permissions in Cockpit CMS
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3 6.1
EPSS 0.2014
EPSS Percentile 95.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-434
Status published
Products (2)
agentejo/cockpit 2.6.3
cockpit-hq/cockpit 0 (Packagist)
Published Sep 08, 2023
Tracked Since Feb 18, 2026