CVE-2023-45884
https://notcve.org/view.php?id=CVE-2023-45884
Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. • https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-45885
https://notcve.org/view.php?id=CVE-2023-45885
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. • https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45282
https://notcve.org/view.php?id=CVE-2023-45282
In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. • https://github.com/nasa/openmct/compare/v3.0.2...v3.1.0 • https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52 • https://nasa.github.io/openmct • https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-23054 – Openmct XSS via the “Summary Widget”
https://notcve.org/view.php?id=CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Summary Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-23053 – Openmct XSS via the “Condition Widget”
https://notcve.org/view.php?id=CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Condition Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')