CVE-2023-45280
Description
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-45280
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Proof Of Concept
miguelc49
Refrence: GitHub
miguelc49
Refrence: GitHub
miguelc49
Refrence: GitHub