cve/CVE-2023-45280.md at 4cdc7cc63082b60e36d1d9d956509a405762a272

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

POC

Reference

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies
https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Github

https://github.com/miguelc49/CVE-2023-45280-1
https://github.com/miguelc49/CVE-2023-45280-2
https://github.com/miguelc49/CVE-2023-45280-3
https://github.com/nomi-sec/PoC-in-GitHub

1.0 KiB Raw Blame History

CVE-2023-45280

Description

POC

Reference

Github

1.0 KiB

Raw Blame History