Search criteria
8 vulnerabilities by spaceapplications
CVE-2023-46470 (GCVE-0-2023-46470)
Vulnerability from cvelistv5 – Published: 2023-11-20 00:00 – Updated: 2024-08-02 20:45
VLAI
Summary
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:41.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-20T20:17:22.357Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46470",
"datePublished": "2023-11-20T00:00:00.000Z",
"dateReserved": "2023-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-02T20:45:41.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46471 (GCVE-0-2023-46471)
Vulnerability from cvelistv5 – Published: 2023-11-20 00:00 – Updated: 2025-06-10 13:47
VLAI
Summary
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.
Severity
5.4 (Medium)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:41.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46471",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T13:46:14.604182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:47:30.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-20T20:22:28.096Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46471",
"datePublished": "2023-11-20T00:00:00.000Z",
"dateReserved": "2023-10-23T00:00:00.000Z",
"dateUpdated": "2025-06-10T13:47:30.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47311 (GCVE-0-2023-47311)
Vulnerability from cvelistv5 – Published: 2023-11-20 00:00 – Updated: 2024-08-02 21:09
VLAI
Summary
An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:36.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-20T20:40:29.685Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.linkedin.com/pulse/more-xss-clickjacking-yamcs-v586-visionspace-technologies-uvevf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47311",
"datePublished": "2023-11-20T00:00:00.000Z",
"dateReserved": "2023-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:09:36.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45280 (GCVE-0-2023-45280)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:00 – Updated: 2024-08-02 20:21
VLAI
Summary
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There\u0027s a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:50:38.661Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45280",
"datePublished": "2023-10-19T00:00:00.000Z",
"dateReserved": "2023-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T20:21:15.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45277 (GCVE-0-2023-45277)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:00 – Updated: 2024-08-02 20:14
VLAI
Summary
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T16:28:18.356Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45277",
"datePublished": "2023-10-19T00:00:00.000Z",
"dateReserved": "2023-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T20:14:19.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45278 (GCVE-0-2023-45278)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:00 – Updated: 2024-08-02 20:21
VLAI
Summary
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T16:33:08.513Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45278",
"datePublished": "2023-10-19T00:00:00.000Z",
"dateReserved": "2023-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T20:21:15.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45279 (GCVE-0-2023-45279)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:00 – Updated: 2024-08-02 20:21
VLAI
Summary
Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There\u0027s a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T21:47:14.646Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7"
},
{
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45279",
"datePublished": "2023-10-19T00:00:00.000Z",
"dateReserved": "2023-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T20:21:15.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45281 (GCVE-0-2023-45281)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:00 – Updated: 2024-08-02 20:21
VLAI
Summary
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T16:49:54.642Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45281",
"datePublished": "2023-10-19T00:00:00.000Z",
"dateReserved": "2023-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T20:21:15.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}