CVE-2025-28380 Information

Jun 14, 2025 cve

Description

A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.

Reference

https://openc3.com/ https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/

CNNVD-202506-1728 (Published: 2025-06-13)

Share on: