What is GHSA-ch4j-vcf5-58x5?

GHSA-ch4j-vcf5-58x5 is a security advisory published by GitHub Security Advisories with Medium severity. Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option

Which CVE IDs does GHSA-ch4j-vcf5-58x5 cover?

GHSA-ch4j-vcf5-58x5 covers the following CVE IDs: CVE-2026-23695. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-ch4j-vcf5-58x5?

GHSA-ch4j-vcf5-58x5 has a CVSS v3 base score of 5.4, published by GitHub Security Advisories.

Which products are affected by GHSA-ch4j-vcf5-58x5?

GHSA-ch4j-vcf5-58x5 affects 1 product, including: composer/cockpit-hq/cockpit:\u003c= 2.14.0.

GHSA-ch4j-vcf5-58x5MediumCVSS 5.4

Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-23695 →

📋 Description

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function() and rendered via Vue's v-html directive without sanitization. An attacker with content/:models/manage permission can inject arbitrary JavaScript into the Display template, which executes in the browser of any user viewing the collection items list.

🎯 Affected products1

composer/cockpit-hq/cockpit:<= 2.14.0

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-23695
https://github.com/Cockpit-HQ/Cockpit/commit/72a83fcfe85ad8330e9ae834bc02fa517b5749e9
https://www.vulncheck.com/advisories/cockpit-cms-stored-xss-via-set-field-display-template
https://github.com/advisories/GHSA-ch4j-vcf5-58x5