Lucene search

Veracode Vulnerability DatabaseVERACODE:43915

HistoryOct 20, 2023 - 6:42 a.m.

Cross-site Scripting (XSS)

2023-10-2006:42:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

yamcs-web

insufficient validation

uploading files

html file

arbitrary javascript

malicious actions

unauthorized access

security flaw

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

yamcs-web is vulnerable to Cross-site Scripting (XSS). The vulnerability is present because there is insufficient validation when uploading files in the library. This flaw enables an attacker to upload an HTML file that contains arbitrary JavaScript. When a user opens this file, the arbitrary JavaScript is executed, potentially leading to malicious actions or unauthorized access through the bucket.

CPENameOperatorVersion
yamcs :: web uieq5.8.6
yamcs :: web uieq5.8.6

CPE	Name	Operator	Version
	yamcs :: web ui	eq	5.8.6
	yamcs :: web ui	eq	5.8.6

References

github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies