VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-2cds-d1sq-9bcv

Essentials
Severities (31)
References (9)
Severity details (26)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2cds-d1sq-9bcv
Aliases	CVE-2024-43795 GHSA-vfj8-5pj7-2f9g PYSEC-2024-100
Summary	OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.01528	https://api.first.org/data/v1/epss?cve=CVE-2024-43795
epss	0.01528	https://api.first.org/data/v1/epss?cve=CVE-2024-43795
epss	0.01528	https://api.first.org/data/v1/epss?cve=CVE-2024-43795
epss	0.01528	https://api.first.org/data/v1/epss?cve=CVE-2024-43795
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-vfj8-5pj7-2f9g
cvssv3.1	6.1	https://github.com/OpenC3/cosmos
cvssv4	5.1	https://github.com/OpenC3/cosmos
generic_textual	MODERATE	https://github.com/OpenC3/cosmos
cvssv3.1	6.1	https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e
cvssv4	5.1	https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e
generic_textual	MODERATE	https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e
ssvc	Track	https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e
cvssv3	6.1	https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g
cvssv3.1	6.1	https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g
cvssv3.1_qr	MODERATE	https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g
cvssv4	5.1	https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g
generic_textual	MODERATE	https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g
ssvc	Track	https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g
cvssv3.1	6.1	https://github.com/pypa/advisory-database/tree/main/vulns/openc3/PYSEC-2024-100.yaml
cvssv4	5.1	https://github.com/pypa/advisory-database/tree/main/vulns/openc3/PYSEC-2024-100.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/openc3/PYSEC-2024-100.yaml
cvssv3.1	6.1	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openc3/CVE-2024-43795.yml
cvssv4	5.1	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openc3/CVE-2024-43795.yml
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openc3/CVE-2024-43795.yml
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2024-43795
cvssv4	5.1	https://nvd.nist.gov/vuln/detail/CVE-2024-43795
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-43795
cvssv3.1	6.1	https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS
cvssv4	5.1	https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS
generic_textual	MODERATE	https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS
ssvc	Track	https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-43795
		https://github.com/OpenC3/cosmos
		https://github.com/pypa/advisory-database/tree/main/vulns/openc3/PYSEC-2024-100.yaml
762d7e0e93bdc2f340b1e42acccedc78994a576e		https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e
CVE-2024-43795		https://nvd.nist.gov/vuln/detail/CVE-2024-43795
CVE-2024-43795.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openc3/CVE-2024-43795.yml
GHSA-vfj8-5pj7-2f9g		https://github.com/advisories/GHSA-vfj8-5pj7-2f9g
GHSA-vfj8-5pj7-2f9g		https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g
GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS		https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/OpenC3/cosmos

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/OpenC3/cosmos

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T19:54:26Z/ Found at https://github.com/OpenC3/cosmos/commit/762d7e0e93bdc2f340b1e42acccedc78994a576e

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T19:54:26Z/ Found at https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/openc3/PYSEC-2024-100.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/openc3/PYSEC-2024-100.yaml

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openc3/CVE-2024-43795.yml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openc3/CVE-2024-43795.yml

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43795

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43795

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T19:54:26Z/ Found at https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS

Exploit Prediction Scoring System (EPSS)

Percentile	0.817
EPSS Score	0.01528
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:27:05.590979+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/43xxx/CVE-2024-43795.json	38.6.0