CVE-2023-40311

🗓️ 14 Aug 2023 17:31:29Reported by OpenNMSType

CVE-2023-40311 stored XSS in OpenMNS Horizon 31.0.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-40311	14 Aug 202322:19	–	circl
CNNVD	OpenNMS Horizon Cross-Site Scripting Vulnerability	14 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-40311 Stored XSS in multiple JSP files in opennms/opennms	14 Aug 202317:31	–	cvelist
EUVD	EUVD-2023-2338	3 Oct 202520:07	–	euvd
Github Security Blog	OpenNMS vulnerable to Cross-site Scripting	14 Aug 202318:32	–	github
NVD	CVE-2023-40311	14 Aug 202318:15	–	nvd
OSV	GHSA-QFW7-PFXX-H9Q2 OpenNMS vulnerable to Cross-site Scripting	14 Aug 202318:32	–	osv
Prion	Cross site scripting	14 Aug 202318:15	–	prion
RedhatCVE	CVE-2023-40311	23 May 202504:43	–	redhatcve
Vulnrichment	CVE-2023-40311 Stored XSS in multiple JSP files in opennms/opennms	14 Aug 202317:31	–	vulnrichment

NVD

Node

opennms horizonRange31.0.8–32.0.2

opennms meridianRange<2020.1.38

opennms meridianRange2022.1.0–2022.1.19

opennms meridianRange2023.1.0–2023.1.6

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Horizon",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "31.0.8",
        "versionType": "maven"
      },
      {
        "lessThan": "31.0.8",
        "status": "unknown",
        "version": "0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux",
      "MacOS"
    ],
    "product": "Meridian",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThanOrEqual": "2020.1.37",
        "status": "affected",
        "version": "2020.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2021.1.29",
        "status": "affected",
        "version": "2021.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2022.1.18",
        "status": "affected",
        "version": "2022.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2023.1.5",
        "status": "affected",
        "version": "2023.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
github	www.github.com/OpenNMS/opennms
github	www.github.com/OpenNMS/opennms/pull/6365
github	www.github.com/OpenNMS/opennms/pull/6366

21 Nov 2024 08:19Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.14.8 - 6.7

EPSS0.00148

SSVC

CWE-79