187 matches found
OpenC3 COSMOS 路径遍历漏洞
OpenC3 COSMOS is an OpenC3 open source application. A path traversal vulnerability exists in OpenC3 COSMOS versions prior to 5.19.0. An attacker exploits this vulnerability to download any .txt file by running ScreensControllershow on the web server...
PT-2024-32312 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS versions prior to 5.19.0 Description: A path traversal vulnerability inside of LocalMode's open local file method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the w...
OpenC3 COSMOS 跨站脚本漏洞
OpenC3 COSMOS is an OpenC3 open source application. A cross-site scripting vulnerability exists in OpenC3 COSMOS versions prior to 5.19.0. An attacker exploits this vulnerability to perform cross-site scripting attacks...
PT-2024-32642 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS versions prior to 5.19.0 Description: OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting. The issue may...
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Summary The login functionality contains a reflected cross-site scripting XSS vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition Impact This issue may lead up to Remote Code Execution RCE. NOTE: The complete advisory with much more information...
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Summary OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting see GHSL-2024-128. Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition Impa...