VYPR
Unrated severityNVD Advisory· Published Feb 20, 2022· Updated Aug 3, 2024

Openmct XSS via the “Summary Widget”

CVE-2022-23054

Description

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nasa/openmctllm-create
    Range: >=1.3.0, <=1.7.7
  • nasa/openmctv5
    Range: 1.7.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.