2 matches found
CVE-2023-45280
Yamcs 5.8.6 allows XSS issue 2 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrar...
CVE-2023-45280
CVE-2023-45280 affects Yamcs 5.8.6. The vulnerability is a Cross-site Scripting (XSS) flaw via the Bucket storage mechanism: an HTML file containing arbitrary JavaScript can be uploaded and, when the user opens it, the browser executes the script. The issue is attributed to insufficient validatio...