Skip to main content

Openitcockpit CVE-2020-10790

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-03-25 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 25, 2020 - 14:15 nvd
MEDIUM 5.4

DescriptionNVD

openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.

AnalysisAI

openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. Affected products include: It-Novum Openitcockpit. Version information: before 3.7.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2026-24892 HIGH POC
7.5 Feb 20

Unsafe PHP deserialization in openITCOCKPIT Community Edition 5.3.1 and earlier allows authenticated attackers to inject

CVE-2026-24891 HIGH POC
7.5 Feb 20

Remote code execution in openITCOCKPIT 5.3.1 and earlier via unsafe deserialization in the Gearman worker component, whi

CVE-2020-10789 CRITICAL
9.8 Mar 25

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell met

CVE-2019-15494 CRITICAL
9.8 Aug 23

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2019-15490 CRITICAL
9.8 Aug 23

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2020-10788 CRITICAL
9.1 Mar 25

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API

CVE-2026-24893 HIGH
8.8 Apr 14

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host

CVE-2023-36663 HIGH
8.8 Jun 25

it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the so

CVE-2019-15491 HIGH
8.8 Aug 23

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2023-3520 MEDIUM POC
4.6 Jul 06

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

CVE-2023-3218 MEDIUM POC
4.4 Jun 13

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. Rated medium severity (CVSS 4

CVE-2020-10792 HIGH
7.5 Mar 20

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placin

Share

CVE-2020-10790 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy