CVE-2023-40312 Reflected XSS in multiple JSP files in opennms/opennms

🗓️ 14 Aug 2023 17:35:26Reported by OpenNMSType

Opennms Reflected XSS in JSP files CVE-2023-4031

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-40312	14 Aug 202322:19	–	circl
CNNVD	OpenNMS Horizon Cross-Site Scripting Vulnerability	14 Aug 202300:00	–	cnnvd
CVE	CVE-2023-40312	14 Aug 202317:35	–	cve
EUVD	EUVD-2023-2272	3 Oct 202520:07	–	euvd
Github Security Blog	OpenNMS vulnerable to Cross-site Scripting	14 Aug 202318:32	–	github
NVD	CVE-2023-40312	14 Aug 202318:15	–	nvd
OSV	GHSA-CHGR-J2P9-JJH8 OpenNMS vulnerable to Cross-site Scripting	14 Aug 202318:32	–	osv
Prion	Cross site scripting	14 Aug 202318:15	–	prion
Positive Technologies	PT-2023-27375 · Opennms · Opennms Horizon +1	14 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-40312	9 Jan 202609:24	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Horizon",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "31.0.8",
        "versionType": "maven"
      },
      {
        "lessThan": "31.0.8",
        "status": "unknown",
        "version": "0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Meridian",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThanOrEqual": "2020.1.37",
        "status": "affected",
        "version": "2020.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2021.1.29",
        "status": "affected",
        "version": "2021.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2022.1.18",
        "status": "affected",
        "version": "2022.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2023.1.5",
        "status": "affected",
        "version": "2023.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
github	www.github.com/OpenNMS/opennms/pull/6356
docs	www.docs.opennms.com/horizon/32/releasenotes/changelog.html

14 Aug 2023 17:35Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.7

EPSS0.00591

CWE-79