CVE-2022-23053 MEDIUM

CVE-2022-23053: Openmct XSS via the “Condition Widget”

Vendor Nasa
Product openmct
Weakness CWE-79 · XSS
Published February 20, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.

Key dates

02Disclosure timeline

February 20, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-0862 SuperSaaS – online appointment scheduling <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter CVE-2025-28921 WordPress SpatialMatch IDX plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting CVE-2025-26962 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability CVE-2022-4663 Members Import <= 1.4.2 - Self Cross-Site Scripting