6 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en NASA Open MCT (también conocido como openmct) hasta 3.1.0 permite a los atacantes ver información confidencial a través del complemento flexibleLayout. • https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. La vulnerabilidad de Cross Site Scripting (XSS) en NASA Open MCT (también conocido como openmct) hasta 3.1.0 permite a los atacantes ejecutar código arbitrario a través de la nueva función de componente en el complemento flexibleLayout. • https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. En NASA Open MCT (también conocido como openmct) anterior a 3.1.0, la contaminación del prototipo puede ocurrir mediante una acción de importación. • https://github.com/nasa/openmct/compare/v3.0.2...v3.1.0 https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52 https://nasa.github.io/openmct https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. Openmct versiones 1.3.0 hasta 1.7.7, son vulnerables a un ataque de tipo XSS almacenado por medio del elemento "Summary Widget", que permite la inyección de JavaScript malicioso en el campo "URL". Este problema afecta a: nasa openmct versiones 1.7.7 y anteriores; versiones 1.3.0 y posteriores • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions. Openmct versiones 1.3.0 hasta 1.7.7, son vulnerables a un ataque de tipo XSS almacenado por medio del elemento "Condition Widget", que permite una inyección de JavaScript malicioso en el campo "URL". Este problema afecta a: nasa openmct versiones 1.7.7 y anteriores; versiones 1.3.0 y posteriores • https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •