38 matches found
MAL-2026-4629 Malicious code in openmct-couch-plugin (npm)
Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28. On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...
CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Condition Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
EUVD-2022-27275
Malicious code in bioql PyPI...
EUVD-2022-28164
Malicious code in bioql PyPI...
EUVD-2022-28163
Malicious code in bioql PyPI...
MAL-2025-41820 Malicious code in openmct-e2e (npm)
Source: ossf-package-analysis 929c26f533affbdfe0c09be2dff86f393cae1b379f25ce110aa61a1a27f473fb. The OpenSSF Package Analysis project identified 'openmct-e2e' @ 10.0.1 npm as malicious. It is considered malicious because: - The package...
CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Web Page” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Summary Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2023-45885
Cross-Site Scripting (XSS) vulnerability in NASA Open MCT aka openmct through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin...
PT-2023-29746 · Nasa · Openmct
Name of the Vulnerable Software and Affected Versions: NASA Open MCT versions through 3.1.0. Description: The issue allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. This is a Cross-Site Scripting (XSS) vulnerability. Recommendations: For versions...
CVE-2023-45884
CVE-2023-45884 is a CSRF vulnerability in NASA Open MCT (openmct) up to and including version 3.1.0, exposed via the flexibleLayout plugin. Attackers can view sensitive information; the available documents do not specify a fixed patch or remediation, only that the issue exists through 3.1.0.
CVE-2023-45282
In NASA Open MCT (openmct), a prototype pollution vulnerability affects versions 2.2.5 through 3.1.0 via an import action. The issue is fixed by upgrading to version 3.1.0 or later. This corresponds to an impact on availability and integrity as indicated by CVSS 3.1 metrics, but exploitation deta...
PT-2023-29485 · Openmct · Openmct
Name of the Vulnerable Software and Affected Versions: openmct versions 2.2.5 through 3.1.0. Description: The issue concerns a prototype pollution that can occur via an import action. Recommendations: For openmct versions 2.2.5 through 3.1.0, update to version 3.1.0 or later to resolve the issue...
Cross-site Scripting (XSS)
openmct is vulnerable to cross-site scripting. The library does not properly escape the URL field in the Summary Widget element, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
openmct is vulnerable to cross-site scripting. The library does not properly escape the URL field in the Condition Widget element, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
openmct is vulnerable to cross-site scripting. The library does not properly escape the URL field in the Web Page element, allowing an attacker to inject and execute malicious script...