{"uuid": "7975adbb-f2ad-44e7-bf9e-be2b0959a5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28380", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18293", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28380\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.\n\ud83d\udccf Published: 2025-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-13T13:19:21.994Z\n\ud83d\udd17 References:\n1. https://openc3.com/\n2. https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", "creation_timestamp": "2025-06-13T13:33:40.000000Z"}