Khalidadil

**Name of the Vulnerable Software and Affected Versions** Openmct versions 1.3.0 through 1.7.7 **Description** The issue is related to stored XSS via the “Web Page” element, allowing the injection of malicious JavaScript into the `URL` field. This affects NASA Openmct version 1.7.7 and prior versions. **Recommendations** For Openmct versions 1.3.0 through 1.7.7, consider disabling the “Web Page” element until a patch is available to prevent the injection of malicious JavaScript into the `URL` field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openmct versions 1.3.0 through 1.7.7 **Description** The issue is related to stored XSS via the “Condition Widget” element, allowing the injection of malicious JavaScript into the `URL` field. This affects NASA Openmct version 1.7.7 and prior versions, as well as version 1.3.0 and later versions. **Recommendations** For Openmct versions 1.3.0 through 1.7.7, consider disabling the “Condition Widget” element until a patch is available to prevent the injection of malicious JavaScript into the `URL` field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openmct versions 1.3.0 through 1.7.7 **Description** The issue is related to stored XSS via the "Summary Widget" element, allowing the injection of malicious JavaScript into the `URL` field. This affects NASA Openmct version 1.7.7 and prior versions. **Recommendations** For Openmct versions 1.3.0 through 1.7.7, consider disabling the "Summary Widget" element until a patch is available to prevent the injection of malicious JavaScript into the `URL` field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.