CVE-2023-45280

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7	Patch
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies	Exploit Third Party Advisory
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7	Patch
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*

History

21 Nov 2024, 08:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-19 22:15

Updated : 2024-11-21 08:26

NVD link : CVE-2023-45280

Mitre link : CVE-2023-45280

CVE.ORG link : CVE-2023-45280

JSON object : View

Products Affected

spaceapplications

yamcs

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-45280", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-10-19T22:15:09.953", "references": [{"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript."}, {"lang": "es", "value": "Yamcs 5.8.6 permite XSS (problema 2 de 2). Viene con un cubo como mecanismo de almacenamiento principal. Los dep\u00f3sitos permiten la carga de cualquier archivo. Hay una manera de cargar un archivo HTML que contenga JavaScript arbitrario y luego navegar hasta \u00e9l. Una vez que el usuario abre el archivo, el navegador ejecutar\u00e1 el JavaScript arbitrario."}], "lastModified": "2024-11-21T08:26:40.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CCD705E-7C97-486F-8FB1-158DE969C5F2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}