Spaceapplications: >> Yamcs >> 5.8.6 Security Vulnerabilities
Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-19
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.009
Published
2023-10-19
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-10-19
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.
CVSS Score
9.1
EPSS Score
0.015
Published
2023-10-19
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-10-19