VDB
KO
MEDIUM 6.1

PYSEC-2025-254

Details

A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / openc3
Introduced in: 0

No fixed version published yet for openc3 (pip). Pin to a known-safe version or switch to an alternative.

References