NASA Open MCT Cross Site Scripting vulnerability

Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 3.1.0

References

• GHSA-v8fc-qxvj-f3mg
• www.linkedin.com
• CVE-2023-45885
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability - CVE-2023-45884
• vxe-table Cross-site Scripting vulnerability - CVE-2023-1001
• webmention.js Cross-site Scripting vulnerability - CVE-2023-3672
• @excalidraw/excalidraw Cross-site Scripting vulnerability - CVE-2023-26140

Tags:

npm

openmct