npm package
openmct
pkg:npm/openmct
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-45885 | — | <= 3.1.0 | — | Nov 9, 2023 | Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | ||
| CVE-2023-45884 | — | < 3.1.1 | 3.1.1 | Nov 9, 2023 | Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. | ||
| CVE-2023-45282 | — | <= 3.0.2 | — | Oct 6, 2023 | In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. |
- CVE-2023-45885Nov 9, 2023affected <= 3.1.0
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
- CVE-2023-45884Nov 9, 2023affected < 3.1.1fixed 3.1.1
Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.
- CVE-2023-45282Oct 6, 2023affected <= 3.0.2
In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.