38 matches found
CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
Cross site scripting
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
Design/Logic Flaw
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
Design/Logic Flaw
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23054
OpenMCT (NASA) versions 1.3.0–1.7.7 are vulnerable to stored XSS via the Summary Widget’s URL field. Root cause: the URL value is not properly escaped/filtered, enabling injection of malicious JavaScript. Impact described: attacker can inject code into the field, with related persistence/impact a...
CVE-2022-23054 Openmct XSS via the “Summary Widget”
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23053
OpenMCT is vulnerable to stored XSS via the Condition Widget URL field, affecting NASA OpenMCT 1.7.7 and earlier 1.3.0+ releases. Root cause: insufficient escaping/validation of URL input in the Condition Widget, enabling injection of JavaScript. Connected sources corroborate across Red Hat CVE e...
CVE-2022-23053 Openmct XSS via the “Condition Widget”
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-22126 Openmct XSS via the “Web Page” element
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-22126
OpenMCT vulnerability CVE-2022-22126: OpenMCT versions 1.3.0 to 1.7.7 are affected by a stored XSS in the Web Page element, allowing injection of malicious JavaScript via the URL field. Affected product/version mix references NASA OpenMCT 1.7.7 and earlier 1.3.0+; the issue is consistent across m...
Nasa Openmct 跨站脚本漏洞
Nasa Openmct is an open source open mission control technology from NASA, Inc. for visualizing data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct versions 1.3.0 through 1.7.7, which stems from the software's lack of effective filtering and escaping for...
Openmct 跨站脚本漏洞
Nasa Openmct is an open source open mission control technology from NASA, Inc. It is used to visualize data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct up to version 1.7.7, which stems from the software's lack of effective filtering and escaping of...