Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
NASA Open MCT Cross Site Scripting vulnerability
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 19 days ago
Updated: 6 days ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-v8fc-qxvj-f3mg, CVE-2023-45885
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-45885
- https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f
- https://github.com/nasa/openmct/pull/7148
- https://github.com/nasa/openmct/pull/7148/commits/4e95e12559c9c5364269ff366a59768573baacb4
- https://github.com/advisories/GHSA-v8fc-qxvj-f3mg
Affected Packages
npm:openmct
Versions: <= 3.1.0No known fixed version