Spaceapplications

Yamcs

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-45279

Exploit
  • EPSS 0.27%
  • Veröffentlicht 19.10.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:40

Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open ...

5.4

CVE-2023-45280

Exploit
  • EPSS 1.59%
  • Veröffentlicht 19.10.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:40

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user open...

7.5

CVE-2023-45277

Exploit
  • EPSS 0.67%
  • Veröffentlicht 19.10.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:40

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

9.1

CVE-2023-45278

Exploit
  • EPSS 2.56%
  • Veröffentlicht 19.10.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:40

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.

6.1

CVE-2023-45281

Exploit
  • EPSS 0.15%
  • Veröffentlicht 19.10.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:26:41

An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.