[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1000225":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":67,"related":68,"reserved_at":9,"published_at":76,"modified_at":77,"state":78,"summary":79,"references_raw":88,"kevs":121,"epss":122,"epss_history":125,"metrics":377,"affected":390},"CVE-2018-1000225","Cobbler contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. The issue was verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable. This attack appears to be exploitable via \"network connectivity\": sending an unauthenticated JavaScript payload to the Cobbler XMLRPC API (/cobbler_api).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX 
Footprinting",[],[],[46],"GHSA-q9g5-98pm-w6q7",[],[49,51,53,55,57,59,61,63,65],{"_key":50},"SUSE-RU-2018:2639-1",{"_key":52},"SUSE-SU-2018:2551-1",{"_key":54},"SUSE-SU-2018:2561-1",{"_key":56},"SUSE-SU-2018:2608-1",{"_key":58},"OPENSUSE-SU-2021:0058-1",{"_key":60},"UBUNTU-CVE-2018-1000225",{"_key":62},"OPENSUSE-SU-2021:0046-1",{"_key":64},"OPENSUSE-SU-2024:10690-1",{"_key":66},"USN-6475-1",[],[69,70,71,72,73,74,75],{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":62},{"_key":64},"2018-08-20T20:00:00.000Z","2024-08-05T12:40:46.680Z","Modified",{"cisa_kev":80,"cisa_ransomware":80,"cisa_vendor":9,"epss_severity":81,"epss_score":82,"severity":83,"severity_score":84,"severity_version":85,"severity_source":86,"severity_vector":87,"severity_status":78},false,"low",0.00268,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[89,98,103,108,113,117],{"url":90,"sources":91,"tags":94},"https://github.com/cobbler/cobbler/issues/1917",[92,86,93],"cve.org","osv_pypi",[95,96,97],"X Refsource CONFIRM","Third Party Advisory","WEB",{"url":99,"sources":100,"tags":101},"https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/",[92,86],[102,96],"X Refsource 
MISC",{"url":104,"sources":105,"tags":106},"https://nvd.nist.gov/vuln/detail/CVE-2018-1000225",[93],[107],"Advisory",{"url":109,"sources":110,"tags":111},"https://github.com/cobbler/cobbler",[93],[112],"PACKAGE",{"url":114,"sources":115,"tags":116},"https://github.com/cobbler/cobbler/blob/master/cobbler/remote.py#L2236",[93],[97],{"url":118,"sources":119,"tags":120},"https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api",[93],[97],[],{"date":123,"score":82,"percentile":124},"2026-06-04",0.50441,[126,129,132,135,138,140,143,146,149,152,155,158,160,163,166,170,173,176,179,182,185,188,191,194,197,200,203,206,208,211,214,217,220,222,225,228,231,233,236,238,241,243,246,249,251,254,257,260,262,264,267,270,273,276,279,282,285,288,290,293,296,299,302,305,308,310,312,315,317,320,323,325,328,331,334,337,340,343,346,349,352,355,357,360,363,366,368,371,373,375],{"date":127,"score":82,"percentile":128},"2025-11-04",0.50073,{"date":130,"score":82,"percentile":131},"2025-11-05",0.50059,{"date":133,"score":82,"percentile":134},"2025-11-06",0.5007,{"date":136,"score":82,"percentile":137},"2025-11-07",0.50096,{"date":139,"score":82,"percentile":137},"2025-11-08",{"date":141,"score":82,"percentile":142},"2025-11-09",0.5008,{"date":144,"score":82,"percentile":145},"2025-11-10",0.50049,{"date":147,"score":82,"percentile":148},"2025-11-11",0.50063,{"date":150,"score":82,"percentile":151},"2025-11-12",0.50088,{"date":153,"score":82,"percentile":154},"2025-11-13",0.50093,{"date":156,"score":82,"percentile":157},"2025-11-14",0.50102,{"date":159,"score":82,"percentile":137},"2025-11-15",{"date":161,"score":82,"percentile":162},"2025-11-16",0.50077,{"date":164,"score":82,"percentile":165},"2025-11-17",0.50052,{"date":167,"score":168,"percentile":169},"2025-11-18",0.00431,0.59896,{"date":171,"score":168,"percentile":172},"2025-11-19",0.59909,{"date":174,"score":168,"percentile":175},"2025-11-20",0.59898,{"date":177,"score":82,"percentile":178},"2025-11-21",0.50062,{"d
ate":180,"score":82,"percentile":181},"2025-11-22",0.50056,{"date":183,"score":82,"percentile":184},"2025-11-23",0.50018,{"date":186,"score":82,"percentile":187},"2025-11-24",0.50007,{"date":189,"score":82,"percentile":190},"2025-11-25",0.50016,{"date":192,"score":82,"percentile":193},"2025-11-26",0.50008,{"date":195,"score":82,"percentile":196},"2025-11-27",0.50014,{"date":198,"score":82,"percentile":199},"2025-11-28",0.4998,{"date":201,"score":82,"percentile":202},"2025-11-29",0.49957,{"date":204,"score":82,"percentile":205},"2025-11-30",0.49947,{"date":207,"score":82,"percentile":157},"2025-12-01",{"date":209,"score":82,"percentile":210},"2025-12-02",0.50122,{"date":212,"score":82,"percentile":213},"2025-12-03",0.50119,{"date":215,"score":82,"percentile":216},"2025-12-04",0.49961,{"date":218,"score":82,"percentile":219},"2025-12-05",0.49982,{"date":221,"score":82,"percentile":219},"2025-12-06",{"date":223,"score":82,"percentile":224},"2025-12-07",0.49973,{"date":226,"score":82,"percentile":227},"2025-12-08",0.49966,{"date":229,"score":82,"percentile":230},"2025-12-09",0.49986,{"date":232,"score":82,"percentile":165},"2025-12-10",{"date":234,"score":82,"percentile":235},"2025-12-11",0.50072,{"date":237,"score":82,"percentile":157},"2025-12-12",{"date":239,"score":82,"percentile":240},"2025-12-13",0.50087,{"date":242,"score":82,"percentile":128},"2025-12-14",{"date":244,"score":82,"percentile":245},"2025-12-15",0.50057,{"date":247,"score":82,"percentile":248},"2025-12-16",0.50067,{"date":250,"score":82,"percentile":154},"2025-12-17",{"date":252,"score":82,"percentile":253},"2025-12-18",0.50133,{"date":255,"score":82,"percentile":256},"2025-12-19",0.50137,{"date":258,"score":82,"percentile":259},"2025-12-20",0.501,{"date":261,"score":82,"percentile":134},"2025-12-21",{"date":263,"score":82,"percentile":131},"2025-12-22",{"date":265,"score":82,"percentile":266},"2025-12-23",0.50054,{"date":268,"score":82,"percentile":269},"2025-12-24",0.50065,{"date":271,"score":82,"
percentile":272},"2025-12-25",0.50115,{"date":274,"score":82,"percentile":275},"2025-12-26",0.50103,{"date":277,"score":82,"percentile":278},"2025-12-27",0.50118,{"date":280,"score":82,"percentile":281},"2025-12-28",0.50045,{"date":283,"score":82,"percentile":284},"2025-12-29",0.50033,{"date":286,"score":82,"percentile":287},"2025-12-30",0.5003,{"date":289,"score":82,"percentile":134},"2025-12-31",{"date":291,"score":82,"percentile":292},"2026-01-01",0.50234,{"date":294,"score":82,"percentile":295},"2026-01-02",0.50213,{"date":297,"score":82,"percentile":298},"2026-01-03",0.50206,{"date":300,"score":82,"percentile":301},"2026-01-04",0.50027,{"date":303,"score":82,"percentile":304},"2026-01-05",0.5001,{"date":306,"score":82,"percentile":307},"2026-01-06",0.50017,{"date":309,"score":82,"percentile":287},"2026-01-07",{"date":311,"score":82,"percentile":181},"2026-01-08",{"date":313,"score":82,"percentile":314},"2026-01-09",0.50035,{"date":316,"score":82,"percentile":287},"2026-01-10",{"date":318,"score":82,"percentile":319},"2026-01-11",0.50011,{"date":321,"score":82,"percentile":322},"2026-01-12",0.49969,{"date":324,"score":82,"percentile":205},"2026-01-13",{"date":326,"score":82,"percentile":327},"2026-01-14",0.49996,{"date":329,"score":82,"percentile":330},"2026-01-15",0.5,{"date":332,"score":82,"percentile":333},"2026-01-16",0.50021,{"date":335,"score":82,"percentile":336},"2026-01-17",0.49997,{"date":338,"score":82,"percentile":339},"2026-01-18",0.49972,{"date":341,"score":82,"percentile":342},"2026-01-19",0.49946,{"date":344,"score":82,"percentile":345},"2026-01-20",0.49948,{"date":347,"score":82,"percentile":348},"2026-01-21",0.49949,{"date":350,"score":82,"percentile":351},"2026-01-22",0.49954,{"date":353,"score":82,"percentile":354},"2026-01-23",0.50003,{"date":356,"score":82,"percentile":319},"2026-01-24",{"date":358,"score":82,"percentile":359},"2026-01-25",0.49964,{"date":361,"score":82,"percentile":362},"2026-01-26",0.49936,{"date":364,"score":82,"percenti
le":365},"2026-01-27",0.49942,{"date":367,"score":82,"percentile":351},"2026-01-28",{"date":369,"score":82,"percentile":370},"2026-01-29",0.49952,{"date":372,"score":82,"percentile":202},"2026-01-30",{"date":374,"score":82,"percentile":359},"2026-01-31",{"date":376,"score":82,"percentile":275},"2026-02-01",[378,388],{"source":86,"cvss_v2_0":379,"cvss_v3_0":384,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":380,"baseSeverity":9,"vectorString":381,"impactScore":382,"exploitabilityScore":383},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":84,"baseSeverity":385,"vectorString":87,"impactScore":386,"exploitabilityScore":387},"MEDIUM",4.5,7.2,{"source":93,"cvss_v2_0":9,"cvss_v3_0":389,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":84,"baseSeverity":9,"vectorString":87,"impactScore":386,"exploitabilityScore":387},[391],{"ecosystem":392,"name":393,"vendor":392,"product":393,"cpe_part":9,"purl_type":394,"purl_namespace":9,"purl_name":393,"source":9,"versions":395},"PyPI","cobbler","pypi",[396],{"version":397,"is_range":398,"range_type":399,"version_start":9,"version_start_type":9,"version_end":400,"version_end_type":401,"fixed_in":9},"lte2_6_11",true,"ecosystem","2.6.11","including"]