Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
NASA Open MCT Cross Site Scripting vulnerability
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 5 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-v8fc-qxvj-f3mg, CVE-2023-45885
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-45885
- https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f
- https://github.com/nasa/openmct/pull/7148
- https://github.com/nasa/openmct/pull/7148/commits/4e95e12559c9c5364269ff366a59768573baacb4
- https://github.com/advisories/GHSA-v8fc-qxvj-f3mg
Blast Radius: 8.4
Affected Packages
npm:openmct
Dependent packages: 1Dependent repositories: 36
Downloads: 763 last month
Affected Version Ranges: <= 3.1.0
No known fixed version
All affected versions: 0.11.4, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 3.0.2, 3.1.0