nasa/openmct

nasa/openmct

Releases241

Frequency2 weeks 2 days

Last Release 20 days ago

Stars13K

A web based mission control framework.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-45282 ↗	Oct 6, 2023Friday, 6 October 2023, 19:15	7.5 HIGH	—
In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.
CVE-2022-22126 ↗	Feb 20, 2022Sunday, 20 February 2022, 19:15	6.1 MEDIUM	4.3 MEDIUM
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.
CVE-2022-23053 ↗	Feb 20, 2022Sunday, 20 February 2022, 19:15	6.1 MEDIUM	4.3 MEDIUM
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.
CVE-2022-23054 ↗	Feb 20, 2022Sunday, 20 February 2022, 19:15	6.1 MEDIUM	4.3 MEDIUM
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.