Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Remediation

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Related Vulnerabilities

CVE-2020-28487 Vulnerability in maven package org.webjars.npm:vis-timeline

CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.validation

CVE-2022-21670 Vulnerability in npm package markdown-it

CVE-2020-36641 Vulnerability in maven package fr.turri:axmlrpc

CVE-2023-0842 Vulnerability in maven package org.webjars.npm:xml2js

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory