N/A

Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.

N/A

N/A

Yamcs 跨站脚本漏洞

Yamcs是Yamcs开源的一个开源软件框架。用于指挥和控制航天器、卫星、有效载荷、地面站和地面设备。 Yamcs 5.8.6 版本存在安全漏洞，该漏洞源于通过某种方法可以上传包含任意 JavaScript 的 HTML 文件，然后导航到该文件。

N/A

N/A