Lucene search
K

38 matches found

ATTACKERKB
ATTACKERKB
added 2022/02/20 7:15 p.m.7 views

CVE-2022-22126

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS6.4AI score0.00606EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/20 7:15 p.m.6 views

CVE-2022-23054

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS5.8AI score0.00606EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/02/20 7:15 p.m.21 views

CVE-2022-23053

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS0.00606EPSS
Exploits0References1
NVD
NVD
added 2022/02/20 7:15 p.m.47 views

CVE-2022-23054

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS0.00606EPSS
Exploits0References1
OSV
OSV
added 2022/02/20 7:15 p.m.9 views

CVE-2022-23054

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/02/20 7:15 p.m.7 views

CVE-2022-23053

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/02/20 7:15 p.m.5 views

CVE-2022-22126

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/02/20 7:15 p.m.15 views

Cross site scripting

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

4.3CVSS6AI score0.00606EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/20 7:15 p.m.20 views

Design/Logic Flaw

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

4.3CVSS6AI score0.00606EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/20 7:15 p.m.15 views

Design/Logic Flaw

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

4.3CVSS6AI score0.00606EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/02/20 7:0 p.m.119 views

CVE-2022-23054

OpenMCT (NASA) versions 1.3.0–1.7.7 are vulnerable to stored XSS via the Summary Widget’s URL field. Root cause: the URL value is not properly escaped/filtered, enabling injection of malicious JavaScript. Impact described: attacker can inject code into the field, with related persistence/impact a...

6.1CVSS6.2AI score0.00606EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/20 7:0 p.m.46 views

CVE-2022-23054 Openmct XSS via the “Summary Widget”

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS6.3AI score0.00606EPSS
Exploits0References1
CVE
CVE
added 2022/02/20 7:0 p.m.104 views

CVE-2022-23053

OpenMCT is vulnerable to stored XSS via the Condition Widget URL field, affecting NASA OpenMCT 1.7.7 and earlier 1.3.0+ releases. Root cause: insufficient escaping/validation of URL input in the Condition Widget, enabling injection of JavaScript. Connected sources corroborate across Red Hat CVE e...

6.1CVSS6.2AI score0.00606EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/20 7:0 p.m.23 views

CVE-2022-23053 Openmct XSS via the “Condition Widget”

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS6.3AI score0.00606EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/20 7:0 p.m.17 views

CVE-2022-22126 Openmct XSS via the “Web Page” element

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS6.3AI score0.00606EPSS
Exploits0References1
CVE
CVE
added 2022/02/20 7:0 p.m.128 views

CVE-2022-22126

OpenMCT vulnerability CVE-2022-22126: OpenMCT versions 1.3.0 to 1.7.7 are affected by a stored XSS in the Web Page element, allowing injection of malicious JavaScript via the URL field. Affected product/version mix references NASA OpenMCT 1.7.7 and earlier 1.3.0+; the issue is consistent across m...

6.1CVSS6.2AI score0.00606EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/02/20 12:0 a.m.8 views

Nasa Openmct 跨站脚本漏洞

Nasa Openmct is an open source open mission control technology from NASA, Inc. for visualizing data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct versions 1.3.0 through 1.7.7, which stems from the software's lack of effective filtering and escaping for...

6.1CVSS5.9AI score0.00606EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/20 12:0 a.m.22 views

Openmct 跨站脚本漏洞

Nasa Openmct is an open source open mission control technology from NASA, Inc. It is used to visualize data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct up to version 1.7.7, which stems from the software's lack of effective filtering and escaping of...

6.1CVSS5.9AI score0.00606EPSS
Exploits0References3
Rows per page
Query Builder