Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-45280 Vulnerability in maven package org.yamcs:yamcs-core

Description

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

Remediation

References

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Related Vulnerabilities

CVE-2021-37404 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2021-41182 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2022-35948 Vulnerability in npm package undici

CVE-2021-23396 Vulnerability in npm package lutils

CVE-2021-3815 Vulnerability in npm package @fabiocaccamo/utils.js

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Exploit Third Party Advisory