Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Remediation

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Related Vulnerabilities

CVE-2020-28052 Vulnerability in maven package bouncycastle:bcprov-jdk14

CVE-2020-35460 Vulnerability in maven package net.sf.mpxj:mpxj

CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui

CVE-2020-7708 Vulnerability in npm package @irrelon/path

CVE-2023-49652 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory