2 matches found
CVE-2022-23053
OpenMCT is vulnerable to stored XSS via the Condition Widget URL field, affecting NASA OpenMCT 1.7.7 and earlier 1.3.0+ releases. Root cause: insufficient escaping/validation of URL input in the Condition Widget, enabling injection of JavaScript. Connected sources corroborate across Red Hat CVE e...
CVE-2022-23053 Openmct XSS via the “Condition Widget”
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...