Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Remediation

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Related Vulnerabilities

CVE-2010-4172 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2022-36046 Vulnerability in npm package next

CVE-2020-5245 Vulnerability in maven package io.dropwizard:dropwizard-validation

CVE-2022-45693 Vulnerability in maven package org.codehaus.jettison:jettison

CVE-2022-0436 Vulnerability in maven package org.webjars.npm:grunt

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory