PT-2024-30663 · Openc3 · Openc3 Cosmos Open Source Edition
Published: 2024-10-02 · Updated: 2024-11-18
CVE-2024-43795
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenC3 COSMOS Open Source Edition versions prior to 5.19.0
Description
The login functionality of OpenC3 COSMOS contains a reflected cross-site scripting (XSS) vulnerability. This issue may lead to Remote Code Execution (RCE). The vulnerability affects the Open Source Edition, not the OpenC3 COSMOS Enterprise Edition.
Recommendations
For OpenC3 COSMOS Open Source Edition versions prior to 5.19.0, update to version 5.19.0 to resolve the issue. As a temporary workaround, consider restricting access to the login functionality until the update is applied.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Openc3 Cosmos Open Source Edition