CVE-2023-45280 — MEDIUM (5.4)

Vulnerability Description

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Spaceapplications	Yamcs	5.8.6

Related Weaknesses (CWE)

CWE-79

References

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7Patch
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technoExploitThird Party Advisory
https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7Patch
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technoExploitThird Party Advisory

FAQ

What is CVE-2023-45280?

CVE-2023-45280 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary Java...

How severe is CVE-2023-45280?

CVE-2023-45280 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-45280?

Check the references section above for vendor advisories and patch information. Affected products include: Spaceapplications Yamcs.