Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Remediation

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Related Vulnerabilities

CVE-2021-23484 Vulnerability in npm package zip-local

CVE-2019-14862 Vulnerability in maven package org.jszip.redist:knockout

CVE-2020-11020 Vulnerability in maven package org.webjars.npm:faye

CVE-2022-29546 Vulnerability in maven package net.sourceforge.htmlunit:neko-htmlunit

CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory