CVE-2023-45279

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 19, 2023

Updated: Oct 25, 2023

CWE ID 79

Summary

CVE-2023-45279 is a vulnerability affecting Yamcs version 5.8.6. This issue permits Cross-Site Scripting (XSS) attacks. The primary storage mechanism for Yamcs is a Bucket, which enables users to upload any file. A malicious JavaScript file can be introduced into the system by uploading a display with a reference to the file. Users can access the uploaded display by navigating to the Telemetry menu and selecting the display, thereby potentially executing the malicious script.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s6KocC
https://www.cve.org/CVERecord?id=CVE-2023-45279
https://nvd.nist.gov/vuln/detail/CVE-2023-45279

Back to Vulnerability Database

CVE-2023-45279

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations