CVE-2023-45280

MEDIUM5.4EPSS 1.6%

Yamcs Cross-site Scripting vulnerability

Published: 10/20/2023Modified: 2/16/2024

Description

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

Affected packages (1)

Maven/org.yamcs:yamcsfrom 0, < 5.8.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-45280
PATCHhttps://github.com/yamcs/yamcs
WEBhttps://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
WEBhttps://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies