CVE-2023-40312

🗓️ 14 Aug 2023 17:35:26Reported by OpenNMSType

CVE-2023-40312 Multiple reflected XSS found in OpenMNS Horizon 31.0.8 and earlier version

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-40312	14 Aug 202322:19	–	circl
CNNVD	OpenNMS Horizon Cross-Site Scripting Vulnerability	14 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-40312 Reflected XSS in multiple JSP files in opennms/opennms	14 Aug 202317:35	–	cvelist
EUVD	EUVD-2023-2272	3 Oct 202520:07	–	euvd
Github Security Blog	OpenNMS vulnerable to Cross-site Scripting	14 Aug 202318:32	–	github
NVD	CVE-2023-40312	14 Aug 202318:15	–	nvd
OSV	GHSA-CHGR-J2P9-JJH8 OpenNMS vulnerable to Cross-site Scripting	14 Aug 202318:32	–	osv
Prion	Cross site scripting	14 Aug 202318:15	–	prion
Positive Technologies	PT-2023-27375 · Opennms · Opennms Horizon +1	14 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-40312	9 Jan 202609:24	–	redhatcve

NVD

Node

opennms horizonRange31.0.8–32.0.2

opennms meridianRange<2020.1.38

opennms meridianRange2022.1.0–2022.1.19

opennms meridianRange2023.1.0–2023.1.6

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Horizon",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "31.0.8",
        "versionType": "maven"
      },
      {
        "lessThan": "31.0.8",
        "status": "unknown",
        "version": "0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Meridian",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThanOrEqual": "2020.1.37",
        "status": "affected",
        "version": "2020.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2021.1.29",
        "status": "affected",
        "version": "2021.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2022.1.18",
        "status": "affected",
        "version": "2022.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2023.1.5",
        "status": "affected",
        "version": "2023.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
docs	www.docs.opennms.com/horizon/32/releasenotes/changelog.html
github	www.github.com/OpenNMS/opennms/pull/6356

21 Nov 2024 08:19Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.2 - 6.7

EPSS0.00166

SSVC

CWE-79