COSMOS Vulnerable to Reflected Cross-Site Scripting Attacks
CVE-2024-43795

6.1MEDIUM

Key Information:

Vendor: OpenC3
Status: Cosmos
Vendor: CVE Published:; 2 October 2024

What is CVE-2024-43795?

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.

References

https://github.com/OpenC3/cosmos/security/advisories/GHSA...

https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f34...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2024

CVE-2024-43795 Data

JSON