NASA Open MCT Cross Site Scripting vulnerability

Severity:: Medium

Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Recommendation

No fix is available yet. Followings are affected versions:

<= 3.1.0

References

GHSA-v8fc-qxvj-f3mg
www.linkedin.com
CVE-2023-45885
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability - CVE-2023-45884
Layui cross-site scripting (XSS) vulnerability - CVE-2023-50550
Froala Editor Cross-site Scripting vulnerability - CVE-2023-41592
Prototype Pollution in NASA Open MCT - CVE-2023-45282

Tags:: npm; openmct

Anything's wrong? Let us know Last updated on November 22, 2023