Yamcs 5.8.6 allows XSS (issue 2 of 2). Yamcs comes with a Bucket as its primary storage mechanism, and Buckets allow the upload of any file. An HTML file containing arbitrary JavaScript can be uploaded to a Bucket and then navigated to. Once a user opens the file, the browser executes the arbitrary JavaScript.
References
| Link | Resource |
|---|---|
| https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 | Patch |
| https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-19T00:00:00
Updated: 2023-10-19T21:50:38.661811
Reserved: 2023-10-06T00:00:00
Link: CVE-2023-45280
NVD Information
Status: Analyzed
Published: 2023-10-19T22:15:09.953
Modified: 2023-10-25T19:05:48.603
Link: CVE-2023-45280
Redhat Information
No data.