Vulnerability	Vulnerable Version
C Cross-site Scripting (XSS) openmct is an Open MCT core platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the `FrameComponent.vue` file in `flexibleLayout plugin`. An attacker can run arbitrary code by exploiting this vulnerability. How to fix Cross-site Scripting (XSS)? Upgrade `openmct` to version 3.1.1 or higher.	<3.1.1
M Cross-site Request Forgery (CSRF) openmct is an Open MCT core platform Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to improper input sanitization. An attacker can view sensitive information by exploiting this vulnerability. How to fix Cross-site Request Forgery (CSRF)? Upgrade `openmct` to version 3.1.1 or higher.	<3.1.1
M Cross-site Scripting (XSS) openmct is an Open MCT core platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Web Page` element, which allows malicious JavaScript injection into the ‘URL’ field. How to fix Cross-site Scripting (XSS)? Upgrade `openmct` to version 1.7.8 or higher.	<1.7.8
M Cross-site Scripting (XSS) openmct is an Open MCT core platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Summary Widget` element, that allows the injection of malicious JavaScript into the ‘URL’ field. How to fix Cross-site Scripting (XSS)? Upgrade `openmct` to version 1.7.8 or higher.	<1.7.8
M Cross-site Scripting (XSS) openmct is an Open MCT core platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Condition Widget` element, that allows the injection of malicious JavaScript into the ‘URL’ field. How to fix Cross-site Scripting (XSS)? Upgrade `openmct` to version 1.7.8 or higher.	<1.7.8

Go back to all versions of this package