Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Remediation

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Related Vulnerabilities

CVE-2020-7793 Vulnerability in maven package org.webjars.npm:ua-parser-js

CVE-2021-33420 Vulnerability in npm package replicator

CVE-2021-3666 Vulnerability in npm package body-parser-xml

CVE-2020-7726 Vulnerability in npm package safe-object2

CVE-2020-36732 Vulnerability in maven package org.webjars.npm:crypto-js

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory