Arbitrary Code Execution via Cross Site Scripting (XSS) in NASA Open MCT

Arbitrary Code Execution via Cross Site Scripting (XSS) in NASA Open MCT

CVE-2023-45885 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Learn more about our Web Application Penetration Testing UK.