Andrzej Olchawa

**Name of the Vulnerable Software and Affected Versions** OpenC3 COSMOS version 6.0.0 **Description** A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. **Recommendations** For OpenC3 COSMOS version 6.0.0, consider disabling access to the vulnerable URL parameter until a patch is available. Restrict access to the affected URL endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NASA CryptoLib version 1.3.0 **Description** The issue is related to an Out-of-Bounds read via the TC subsystem. Specifically, the problem is identified in the `crypto aos.c` file. **Recommendations** For NASA CryptoLib version 1.3.0, consider restricting access to the TC subsystem until a patch is available. As a temporary workaround, disabling the `crypto aos.c` functionality may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.