cve/CVE-2023-45280.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

POC

Reference

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Github

https://github.com/miguelc49/CVE-2023-45280-1
https://github.com/miguelc49/CVE-2023-45280-2
https://github.com/miguelc49/CVE-2023-45280-3
https://github.com/nomi-sec/PoC-in-GitHub

974 B Raw Blame History

CVE-2023-45280

Description

POC

Reference

Github

974 B

Raw Blame History