CVE-2022-22126: Openmct XSS via the “Web Page” element
First published: Sun Feb 20 2022(Updated: )
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.
Credit: vulnerabilitylab@mend.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nasa openmct | >=1.3.0<=1.7.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-22126.
What is the severity of CVE-2022-22126?
The severity of CVE-2022-22126 is medium with a CVSS score of 6.1.
What is the affected software?
The affected software is Openmct versions 1.3.0 to 1.7.7.
How does CVE-2022-22126 work?
CVE-2022-22126 allows for stored XSS attacks via the 'Web Page' element by injecting malicious JavaScript into the 'URL' field.
Is there a fix available for CVE-2022-22126?
Yes, a fix is available for CVE-2022-22126. Update to Openmct version 1.7.8 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/title
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/nasa
- canonical/nasa openmct
- version/nasa openmct/1.3.0
- version/nasa openmct/1.7.7