CVE-2023-45885 – openmct

Package

Manager: npm
Name: openmct
Vulnerable Version: >=0 <=3.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.0012 pctl0.31605

Details

NASA Open MCT Cross Site Scripting vulnerability Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the `flexibleLayout` plugin.

Metadata

Created: 2023-11-09T18:34:55Z
Modified: 2023-11-16T20:16:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-v8fc-qxvj-f3mg/GHSA-v8fc-qxvj-f3mg.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-v8fc-qxvj-f3mg
Finding: F425
Auto approve: 1