Vulnerability Details CVE-2023-45280
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
- https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies
- https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7
- https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies
Products affected by CVE-2023-45280
-
cpe:2.3:a:spaceapplications:yamcs:5.8.6