CVE-2023-45885
MEDIUMNASA Open MCT <= 3.1.0 - Cross-Site Scripting via Flexible Layout New Component Feature
Title source: llmDescription
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://www.linkedin.com/pulse/xss-nasas-open-mct-v302-visionspace-technologies-ubg4f
Scores
CVSS v3
5.4
EPSS
0.0009
EPSS Percentile
25.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (2)
nasa/openmct
< 3.1.0
npm/openmct
0npm
Published
Nov 09, 2023
Tracked Since
Feb 18, 2026