{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36882?format=json","vulnerability_id":"VCID-yesy-u1x3-mugs","summary":"OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition.","aliases":[{"alias":"CVE-2024-47529"},{"alias":"GHSA-4xqv-47rm-37mm"},{"alias":"PYSEC-2024-121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43559?format=json","purl":"pkg:pypi/openc3@5.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.19.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43537?format=json","purl":"pkg:pypi/openc3@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43538?format=json","purl":"pkg:pypi/openc3@5.9.2b0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.9.2b0"},{"url":"http://public2.vulnerablecode.io/api/packages/43539?format=json","purl":"pkg:pypi/openc3@5.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43540?format=json","purl":"pkg:pypi/openc3@5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43541?format=json","purl":"pkg:pypi/openc3@5.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43542?format=json","purl":"pkg:pypi/openc3@5.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43543?format=json","purl":"pkg:pypi/openc3@5.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43544?format=json","purl":"pkg:pypi/openc3@5.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.11.3"},{"url":"http://public2.vulnerablecode.io/api/packages/43545?format=json","purl":"pkg:pypi/openc3@5.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43546?format=json","purl":"pkg:pypi/openc3@5.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43547?format=json","purl":"pkg:pypi/openc3@5.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43548?format=json","purl":"pkg:pypi/openc3@5.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43549?format=json","purl":"pkg:pypi/openc3@5.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43550?format=json","purl":"pkg:pypi/openc3@5.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43551?format=json","purl":"pkg:pypi/openc3@5.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43552?format=json","purl":"pkg:pypi/openc3@5.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.15.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43553?format=json","purl":"pkg:pypi/openc3@5.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43554?format=json","purl":"pkg:pypi/openc3@5.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43555?format=json","purl":"pkg:pypi/openc3@5.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/43556?format=json","purl":"pkg:pypi/openc3@5.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/43557?format=json","purl":"pkg:pypi/openc3@5.17.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.17.1"},{"url":"http://public2.vulnerablecode.io/api/packages/43558?format=json","purl":"pkg:pypi/openc3@5.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6b83-e5m9-efhj"},{"vulnerability":"VCID-m4c7-smwp-dkdq"},{"vulnerability":"VCID-s699-9pwv-k3ek"},{"vulnerability":"VCID-yesy-u1x3-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/openc3@5.18.0"}],"references":[{"reference_url":"https://github.com/OpenC3/cosmos/commit/b5ab34fe7fa54c0c8171c4aa3caf4e03d6f63bd7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://github.com/OpenC3/cosmos/commit/b5ab34fe7fa54c0c8171c4aa3caf4e03d6f63bd7"},{"reference_url":"https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS"}],"weaknesses":[],"exploits":[],"severity_range_score":"6.5 - 6.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yesy-u1x3-mugs"}