Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.
                
            References
                    | Link | Resource | 
|---|---|
| https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 | Patch | 
| https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | Exploit Third Party Advisory | 
| https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7 | Patch | 
| https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies | Exploit Third Party Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2023-10-19 22:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45280
Mitre link : CVE-2023-45280
CVE.ORG link : CVE-2023-45280
JSON object : View
Products Affected
                spaceapplications
- yamcs
CWE
                
                    
                        
                        CWE-79
                        
            Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
