8 matches found

CNNVD
added 2026/05/04 12:0 a.m. | 17 views

OpenC3 COSMOS Security Vulnerability

OpenC3 COSMOS is an open-source application developed by OpenC3. Vulnerabilities exist in versions of OpenC3 COSMOS prior to 6.10.5 and 7.0.0-rc3. These vulnerabilities stem from design flaws in the savetoolconfig function, which allow tool configuration files to be saved at any position...

CVSS 4.3 | AI score 5.9 | EPSS 0.00313
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/22 12:0 a.m. | 4 views

PT-2026-36879

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS versions prior to 6.10.5; OpenC3 COSMOS versions prior to 7.0.0-rc3. Description: A design flaw in the save tool config function allows users to save tool configuration files at arbitrary locations within the shared /plugins directo...

CVSS 4.3 | AI score 5.9 | EPSS 0.00313
Exploits: 1 | References: 13
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18281

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00856
Exploits: 1 | References: 5
NVD
added 2025/06/13 2:15 p.m. | 7 views

CVE-2025-28380

A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

CVSS 6.1 | EPSS 0.00283
Exploits: 1 | References: 5
CNNVD
added 2025/06/13 12:0 a.m. | 1 views

OpenC3 COSMOS Security Vulnerability

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to v6.0.2 that stems from the use of hard-coded credentials for service accounts...

CVSS 9.8 | AI score 6.5 | EPSS 0.00507
Exploits: 1 | References: 6
CNNVD
added 2025/06/13 12:0 a.m. | 1 views

OpenC3 COSMOS Security Vulnerability

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to v6.0.2, which stems from the disclosure of service credentials stored in an environment variable, which could lead to an attacker accessing the credentials...

CVSS 7.5 | AI score 6.2 | EPSS 0.00437
Exploits: 1 | References: 5
CVE
added 2025/06/13 12:0 a.m. | 46 views

CVE-2025-28380

Summary of CVE-2025-28380: OpenC3 COSMOS is affected by an XSS vulnerability that enables execution of arbitrary web scripts/HTML via a crafted payload in a URL parameter, observed in versions prior to 6.0.2. The reports consistently identify the vulnerable component as the web-facing URL parame...

CVSS 6.1 | AI score 5.3 | EPSS 0.00283
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/05/23 10:38 a.m. | 9 views

CVE-2024-43795

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...

CVSS 6.1 | AI score 5.8 | EPSS 0.00443
Exploits: 0