OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting

2023-02-2221:30:39

CWE-79

GitHub Advisory Database

github.com

0.001 Low

EPSS

Percentile

29.5%

JSON

Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information.

CPENameOperatorVersion
org.opennms:opennmslt31.0.3

CPE	Name	Operator	Version
	org.opennms:opennms	lt	31.0.3

References

docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13

github.com/advisories/GHSA-79jr-8fhm-8wv3

github.com/OpenNMS/opennms/pull/5506/files

issues.opennms.org/browse/NMS-14877

nvd.nist.gov/vuln/detail/CVE-2023-0846

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for GHSA-79JR-8FHM-8WV3