Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Remediation

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Related Vulnerabilities

CVE-2020-26870 Vulnerability in npm package dompurify

CVE-2020-7691 Vulnerability in maven package org.webjars:jspdf

CVE-2020-8127 Vulnerability in maven package org.webjars:reveal.js

CVE-2022-36097 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui

CVE-2020-7743 Vulnerability in maven package org.webjars.npm:mathjs

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory