CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
20.8%
yamcs-web is vulnerable to Cross-site Scripting (XSS). The vulnerability is present because there is insufficient validation when uploading files in the library. This flaw enables an attacker to upload an HTML file that contains arbitrary JavaScript. When a user opens this file, the arbitrary JavaScript is executed, potentially leading to malicious actions or unauthorized access through the bucket.