CVE-2025-28380

Опубликовано: 13 июн. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.

Ссылки

https://github.com/OpenC3/cosmos/commit/12e3e12307afd3dbfc306f20d60400989db89883
https://github.com/OpenC3/cosmos/pull/1816
https://github.com/OpenC3/cosmos/releases/tag/v6.0.2
https://openc3.com/
Product
https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/
Exploit
Mitigation
Third Party Advisory
https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openc3:cosmos:6.0.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-pmmr-4c35-wgj4