CVE-2024-43795
CVSS V2 None
CVSS V3 None
Description
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.
Overview
- CVE ID
- CVE-2024-43795
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-02T19:13:02.062Z
- Last Modified Date
- 2024-10-02T19:54:35.777Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g | x_refsource_CONFIRM |
https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-43795 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43795 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-06 23:55:56 | Added to TrackCVE |