3 matches found
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23054 Openmct XSS via the “Summary Widget”
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23054
OpenMCT (NASA) versions 1.3.0–1.7.7 are vulnerable to stored XSS via the Summary Widget’s URL field. Root cause: the URL value is not properly escaped/filtered, enabling injection of malicious JavaScript. Impact described: attacker can inject code into the field, with related persistence/impact a...