Vulnerabilities > Spaceapplications > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-46470 Cross-site Scripting vulnerability in Spaceapplications Yacms 5.8.6
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser.
network
low complexity
spaceapplications CWE-79
5.4
5.4
2023-11-20 CVE-2023-46471 Cross-site Scripting vulnerability in Spaceapplications Yacms 5.8.6
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.
network
low complexity
spaceapplications CWE-79
5.4
5.4
2023-11-20 CVE-2023-47311 Improper Restriction of Rendered UI Layers or Frames vulnerability in Spaceapplications Yacms 5.8.6
An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking.
network
low complexity
spaceapplications CWE-1021
6.1
6.1
2023-10-19 CVE-2023-45279 Cross-site Scripting vulnerability in Spaceapplications Yamcs 5.8.6
Yamcs 5.8.6 allows XSS (issue 1 of 2).
network
low complexity
spaceapplications CWE-79
5.4
5.4
2023-10-19 CVE-2023-45280 Cross-site Scripting vulnerability in Spaceapplications Yamcs 5.8.6
Yamcs 5.8.6 allows XSS (issue 2 of 2).
network
low complexity
spaceapplications CWE-79
5.4
5.4
2023-10-19 CVE-2023-45281 Cross-site Scripting vulnerability in Spaceapplications Yamcs 5.8.6
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.
network
low complexity
spaceapplications CWE-79
6.1
6.1