Stored XSS vulnerability in Openmct versions 1.3.0 to 1.7.7 via Web Page element URL field

Stored XSS vulnerability in Openmct versions 1.3.0 to 1.7.7 via Web Page element URL field

CVE-2022-22126 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.

Learn more about our Web App Pen Testing.