CVE-2023-45885

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-45885

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45885.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45885

Aliases

GHSA-v8fc-qxvj-f3mg

Published

2023-11-09T17:15:08.903Z

Modified

2026-04-10T05:01:42.866378Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

References

https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f

Affected packages

Git / github.com/nasa/openmct

Affected ranges

Type

GIT

Repo

https://github.com/nasa/openmct

Events

Introduced

Last affected

c1dd82cf5f188e7c79a08ea729267a86e0a28968

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        }
    ]
}

Affected versions

0.*

0.14.0

1.*

1.7.8-rc1

V-R4.*

V-R4.4-41620

V-R4.4-RC4

V-R4.4-RC5

Other

list

openmct-viper-build-2-rc2

sim3

open-v0.*

open-v0.7.2

v0.*

v0.10.1

v0.10.2

v0.10.3

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.12.0

v0.14.0

v1.*

v1.2-RC1

v1.2-RC3

v1.2-rc2

v1.3.1

v1.4.0-rc5

v1.4.1-rc1

v1.4.1-rc2

v3.*

v3.1.0

vista-4.*

vista-4.7.0-rc1

vista-4.7.0-rc2

vista-4.7.0-rc3

vista-4.7.0-rc5

vista-r4.*

vista-r4.3.1-rc1

vista-r4.8.0-rc1

vista-r4.8.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45885.json"