CVE-2025-28380 | THREATINT

Description

A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.

PUBLISHED Reserved 2025-03-11 | Published 2025-06-13 | Updated 2025-10-27 | Assigner mitre

References

visionspace.com/...ment-of-an-open-source-mission-framework/ exploit

openc3.com/

visionspace.com/...ment-of-an-open-source-mission-framework/

github.com/OpenC3/cosmos/releases/tag/v6.0.2

github.com/OpenC3/cosmos/pull/1816

github.com/...ommit/12e3e12307afd3dbfc306f20d60400989db89883

cve.org (CVE-2025-28380)

nvd.nist.gov (CVE-2025-28380)

Download JSON