Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.
References
Link | Resource |
---|---|
https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a | Patch Third Party Advisory |
https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 06:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nasa/openmct/commit/abc93d0ec4b104dac1ea5f8a615d06e3ab78934a - Patch, Third Party Advisory |
Information
Published : 2022-02-20 19:15
Updated : 2024-11-21 06:47
NVD link : CVE-2022-23054
Mitre link : CVE-2022-23054
CVE.ORG link : CVE-2022-23054
JSON object : View
Products Affected
nasa
- openmct
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')