CVE-2023-45885

Source
https://cve.org/CVERecord?id=CVE-2023-45885
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45885.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45885
Aliases
Published
2023-11-09T00:00:00Z
Modified
2026-07-08T06:29:04.138278659Z
Summary
[none]
Details

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "3.1.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45885.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/nasa/openmct

Affected ranges

Type
GIT
Repo
https://github.com/nasa/openmct
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:nasa:openmct:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        }
    ]
}

Affected versions

0.*
0.14.0
1.*
1.7.8-rc1
V-R4.*
V-R4.4-41620
V-R4.4-RC4
V-R4.4-RC5
Other
list
openmct-viper-build-2-rc2
sim3
open-v0.*
open-v0.7.2
v0.*
v0.10.1
v0.10.2
v0.10.3
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.12.0
v0.14.0
v1.*
v1.2-RC1
v1.2-RC3
v1.2-rc2
v1.3.1
v1.4.0-rc5
v1.4.1-rc1
v1.4.1-rc2
v3.*
v3.1.0
vista-4.*
vista-4.7.0-rc1
vista-4.7.0-rc2
vista-4.7.0-rc3
vista-4.7.0-rc5
vista-r4.*
vista-r4.3.1-rc1
vista-r4.8.0-rc1
vista-r4.8.0-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45885.json"