Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from....
5.4CVSS
5.2AI Score
0.0004EPSS
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the...
5.4CVSS
5.4AI Score
0.0004EPSS
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML...
6.1CVSS
7.1AI Score
0.0005EPSS
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE...
9.1CVSS
9.1AI Score
0.001EPSS
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary...
7.5CVSS
7.5AI Score
0.001EPSS