CVE-2023-45885

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/openmct

Identifiers

GHSA-v8fc-qxvj-f3mg, CVE-2023-45885

Package Slug

npm/openmct

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

Affected Versions

All versions up to 3.1.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-11-17

source