Cross-Site Scripting Vulnerabilities in NASA Fprime by NASA
CVE-2024-55029

6.1MEDIUM

Key Information:

Vendor: NASA
Status: Fprime
Vendor: CVE Published:; 25 March 2025

What is CVE-2024-55029?

NASA Fprime v3.4.3 has been found to have multiple vulnerabilities related to cross-site scripting (XSS). These vulnerabilities allow attackers to inject malicious scripts into web pages viewed by users. Exploiting these vulnerabilities can lead to unauthorized actions on behalf of users and compromise sensitive data. Organizations using Fprime should prioritize patching these vulnerabilities to safeguard their systems against potential exploitation.

References

https://visionspace.com/remote-code-execution-and-critica...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Dec 6, 2024