CVE-2023-45279 in Yamcs
Summary
by MITRE • 10/25/2023
Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/28/2025
The vulnerability identified as CVE-2023-45279 represents a cross-site scripting flaw within Yamcs version 5.8.6 that stems from inadequate input validation and sanitization mechanisms. This security weakness exists within Yamcs' bucket storage system, which serves as the primary data repository for the application and permits unrestricted file uploads regardless of content type or format. The vulnerability manifests when malicious actors exploit the bucket's file upload functionality to introduce JavaScript code that can be executed within the context of other users' browser sessions.
The technical exploitation of this vulnerability occurs through a carefully crafted upload process where attackers can place malicious JavaScript files into the bucket storage system. Once uploaded, these files can be referenced within display configurations that are subsequently loaded through the application's user interface. When legitimate users navigate to the telemetry section and select the compromised display, the embedded JavaScript executes in their browser context, potentially allowing attackers to steal session cookies, perform unauthorized actions on behalf of users, or redirect them to malicious websites. This represents a classic server-side request forgery vulnerability that enables client-side code execution.
The operational impact of this vulnerability extends beyond simple data theft or session hijacking, as it can enable sophisticated attack chains that leverage the compromised user context to access additional system resources or escalate privileges within the Yamcs environment. The vulnerability's severity is compounded by the fact that it operates silently without requiring authentication to the bucket storage system itself, making it particularly dangerous in environments where multiple users interact with the same telemetry displays. Attackers can create persistent backdoors through display configurations that remain active until manually removed, potentially allowing for long-term surveillance or unauthorized access to telemetry data.
Mitigation strategies for this vulnerability should focus on implementing strict input validation and content type checking for all file uploads to the bucket storage system. The application should sanitize all user-supplied data and implement proper content security policies to prevent execution of unauthorized scripts. Additionally, access controls should be enforced to limit who can upload or modify display configurations within the telemetry interface. Organizations should also implement regular security scanning of uploaded files and consider implementing web application firewalls to detect and block malicious upload attempts. This vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and follows attack patterns documented in the ATT&CK framework under T1566 for credential access and T1059 for command and script injection techniques.