CVE-2023-45280

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-45280
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45280.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45280
Aliases
Published
2023-10-19T22:15:09Z
Modified
2024-05-14T13:02:17.313388Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Yamcs 5.8.6 allows XSS (issue 2 of 2). Yamcs comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There is a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

References

Affected packages

Git / github.com/yamcs/yamcs

Affected ranges

Type
GIT
Repo
https://github.com/yamcs/yamcs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

before-removing-cfdp-half-implemented-features

v0.*

v0.26.0
v0.26.1
v0.26.3
v0.26.4
v0.27.1
v0.27.2
v0.27.3
v0.28.0
v0.28.0-20150811
v0.28.0-20150817
v0.28.0-20150820
v0.28.0-20150824
v0.28.0-20150825
v0.28.0-20150826
v0.28.0-20150827
v0.28.0-20150828
v0.28.0-20150901
v0.28.0-20150902
v0.28.0-20150902-2
v0.28.0-20150903
v0.29.0
v0.29.1
v0.29.1-20151214
v0.29.1-20160119
v0.29.1-20160127
v0.29.2
v0.29.3
v0.29.3-20160608
v0.29.4

yamcs-0.*

yamcs-0.30.0

yamcs-3.*

yamcs-3.0.0
yamcs-3.1.0
yamcs-3.1.1
yamcs-3.1.2
yamcs-3.2.0
yamcs-3.2.1
yamcs-3.2.2
yamcs-3.3.0
yamcs-3.4.0

yamcs-4.*

yamcs-4.0.0
yamcs-4.0.1
yamcs-4.1.1
yamcs-4.1.2
yamcs-4.10.0
yamcs-4.10.1
yamcs-4.10.2
yamcs-4.10.3
yamcs-4.10.4
yamcs-4.10.5
yamcs-4.10.6
yamcs-4.10.7
yamcs-4.10.8
yamcs-4.10.9
yamcs-4.2.0
yamcs-4.2.1
yamcs-4.2.2
yamcs-4.3.0
yamcs-4.3.1
yamcs-4.4.0
yamcs-4.4.1
yamcs-4.4.2
yamcs-4.5.0
yamcs-4.6.0
yamcs-4.6.1
yamcs-4.6.2
yamcs-4.6.3
yamcs-4.7
yamcs-4.7.1
yamcs-4.7.2
yamcs-4.7.3
yamcs-4.8.0
yamcs-4.8.1
yamcs-4.9.0
yamcs-4.9.1
yamcs-4.9.2
yamcs-4.9.3
yamcs-4.9.4
yamcs-4.9.5

yamcs-5.*

yamcs-5.0.0
yamcs-5.0.1
yamcs-5.1.0
yamcs-5.1.1
yamcs-5.1.2
yamcs-5.1.3
yamcs-5.2.0
yamcs-5.3.0
yamcs-5.3.1
yamcs-5.3.2
yamcs-5.3.3
yamcs-5.3.4
yamcs-5.3.5
yamcs-5.4.0
yamcs-5.4.1
yamcs-5.4.2
yamcs-5.4.3
yamcs-5.5.0
yamcs-5.5.1
yamcs-5.5.2
yamcs-5.5.3
yamcs-5.5.4
yamcs-5.5.5
yamcs-5.5.6
yamcs-5.5.7
yamcs-5.6.0
yamcs-5.6.1
yamcs-5.6.2
yamcs-5.7.0
yamcs-5.7.1
yamcs-5.7.10
yamcs-5.7.2
yamcs-5.7.3
yamcs-5.7.4
yamcs-5.7.5
yamcs-5.7.6
yamcs-5.7.7
yamcs-5.7.8
yamcs-5.7.9
yamcs-5.8.0
yamcs-5.8.1
yamcs-5.8.2
yamcs-5.8.3
yamcs-5.8.4
yamcs-5.8.5
yamcs-5.8.6