Lucene search
K

187 matches found

CNNVD
CNNVD
added 2024/10/02 12:0 a.m.6 views

OpenC3 COSMOS 路径遍历漏洞

OpenC3 COSMOS is an OpenC3 open source application. A path traversal vulnerability exists in OpenC3 COSMOS versions prior to 5.19.0. An attacker exploits this vulnerability to download any .txt file by running ScreensControllershow on the web server...

6.5CVSS6.8AI score0.00912EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.4 views

PT-2024-32312 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS versions prior to 5.19.0 Description: A path traversal vulnerability inside of LocalMode's open local file method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the w...

7.1CVSS6.9AI score0.00912EPSS
Exploits0References15
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.3 views

OpenC3 COSMOS 跨站脚本漏洞

OpenC3 COSMOS is an OpenC3 open source application. A cross-site scripting vulnerability exists in OpenC3 COSMOS versions prior to 5.19.0. An attacker exploits this vulnerability to perform cross-site scripting attacks...

6.1CVSS6.1AI score0.00455EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.6 views

PT-2024-32642 · Openc3 · Openc3 Cosmos

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS versions prior to 5.19.0 Description: OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting. The issue may...

6.5CVSS7AI score0.00342EPSS
Exploits1References14
RubySec
RubySec
added 2024/10/02 12:0 a.m.33 views

OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

Summary The login functionality contains a reflected cross-site scripting XSS vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition Impact This issue may lead up to Remote Code Execution RCE. NOTE: The complete advisory with much more information...

6.1CVSS7.1AI score0.00455EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/10/02 12:0 a.m.11 views

OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)

Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...

6.5CVSS6.4AI score0.00912EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/10/02 12:0 a.m.12 views

OpenC3 stores passwords in clear text (`GHSL-2024-129`)

Summary OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting see GHSL-2024-128. Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition Impa...

6.5CVSS6.4AI score0.00342EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder