← Retour aux CVEs

CVE-2023-45280

MEDIUM

5.4

Description

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

Details CVE

Score CVSS v3.15.4

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie10/19/2023

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

spaceapplications:yamcs

Faiblesses (CWE)

CWE-79

References

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7(cve@mitre.org)

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies(cve@mitre.org)

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7(af854a3a-2127-422b-91ae-364da2661108)

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.