OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 31 Oct 2024 14:00:00 +0000


Tue, 08 Oct 2024 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Openc3; Openc3 cosmos |
| CPEs | | `cpe:2.3:a:openc3:cosmos:*:*:*:*:open_source:*:*:*` |
| Vendors & Products | | Openc3; Openc3 cosmos |
| Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'} |


Wed, 02 Oct 2024 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 02 Oct 2024 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition. |
| Title | | OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`) |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-10-31T13:50:53.332Z

Reserved: 2024-08-16T14:20:37.324Z

Link: CVE-2024-43795

Vulnrichment

Updated: 2024-10-02T19:54:31.176Z

NVD

Status: Modified

Published: 2024-10-02T20:15:10.927

Modified: 2024-10-31T14:15:05.723

Link: CVE-2024-43795

Redhat

No data.

OpenCVE Enrichment

No data.