PT-2023-29746 · Nasa · Openmct

Andy Olchawa

Publicado

2023-11-09

Atualizado

2023-11-15

CVE-2023-45885

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions NASA Open MCT versions through 3.1.0

Description The issue allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. This is a Cross Site Scripting (XSS) vulnerability.

Recommendations For versions through 3.1.0, consider disabling the new component feature in the flexibleLayout plugin as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-45885

GHSA-V8FC-QXVJ-F3MG

Produtos afetados

Openmct

PT-2023-29746 · Nasa · Openmct

CVE-2023-45885

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9