CVE-2023-45279
- Source
- https://cve.org/CVERecord?id=CVE-2023-45279
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45279.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-45279
- Aliases
- Published
- 2023-10-19T22:15:09.893Z
- Modified
- 2026-04-12T07:20:46.392364Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.
- References
Affected packages
Git / github.com/yamcs/yamcs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/yamcs/yamcs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "5.8.6" } ], "cpe": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*" }
Affected versions
Other
before-removing-cfdp-half-implemented-features
v0.*
v0.26.0
v0.26.1
v0.28.0
v0.28.0-20150811
v0.28.0-20150817
v0.28.0-20150820
v0.28.0-20150824
v0.28.0-20150825
v0.28.0-20150826
v0.28.0-20150827
v0.28.0-20150828
v0.28.0-20150901
v0.28.0-20150902
v0.28.0-20150902-2
v0.28.0-20150903
v0.29.0
v0.29.1
v0.29.1-20151214
v0.29.1-20160119
v0.29.1-20160127
v0.29.3
v0.29.3-20160608
v0.29.4
yamcs-0.*
yamcs-0.30.0
yamcs-3.*
yamcs-3.0.0
yamcs-3.1.0
yamcs-3.1.1
yamcs-3.1.2
yamcs-3.2.0
yamcs-3.2.1
yamcs-3.2.2
yamcs-3.3.0
yamcs-3.4.0
yamcs-4.*
yamcs-4.0.1
yamcs-4.1.1
yamcs-4.1.2
yamcs-4.10.0
yamcs-4.10.1
yamcs-4.10.2
yamcs-4.10.3
yamcs-4.10.4
yamcs-4.10.5
yamcs-4.10.6
yamcs-4.10.7
yamcs-4.10.8
yamcs-4.10.9
yamcs-4.2.0
yamcs-4.2.1
yamcs-4.2.2
yamcs-4.3.0
yamcs-4.3.1
yamcs-4.4.0
yamcs-4.4.1
yamcs-4.4.2
yamcs-4.7
yamcs-4.7.1
yamcs-4.7.2
yamcs-4.7.3
yamcs-4.8.0
yamcs-4.8.1
yamcs-4.9.0
yamcs-4.9.1
yamcs-4.9.2
yamcs-4.9.3
yamcs-4.9.4
yamcs-4.9.5
yamcs-5.*
yamcs-5.0.0
yamcs-5.0.1
yamcs-5.1.0
yamcs-5.1.1
yamcs-5.1.2
yamcs-5.1.3
yamcs-5.2.0
yamcs-5.3.0
yamcs-5.3.1
yamcs-5.3.2
yamcs-5.3.3
yamcs-5.3.4
yamcs-5.3.5
yamcs-5.4.0
yamcs-5.4.1
yamcs-5.4.2
yamcs-5.4.3
yamcs-5.5.0
yamcs-5.5.1
yamcs-5.5.2
yamcs-5.5.3
yamcs-5.5.4
yamcs-5.5.5
yamcs-5.5.6
yamcs-5.5.7
yamcs-5.6.0
yamcs-5.6.1
yamcs-5.6.2
yamcs-5.7.0
yamcs-5.7.1
yamcs-5.7.10
yamcs-5.7.2
yamcs-5.7.3
yamcs-5.7.4
yamcs-5.7.5
yamcs-5.7.6
yamcs-5.7.7
yamcs-5.7.8
yamcs-5.7.9
yamcs-5.8.0
yamcs-5.8.1
yamcs-5.8.2
yamcs-5.8.3
yamcs-5.8.4
yamcs-5.8.5
yamcs-5.8.6