VYPR
Unrated severityNVD Advisory· Published Feb 20, 2022· Updated Aug 3, 2024

Openmct XSS via the “Condition Widget”

CVE-2022-23053

Description

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nasa/openmctllm-fuzzy
    Range: >=1.3.0 <=1.7.7
  • nasa/openmctv5
    Range: 1.7.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.