Lucene search

GitHub Advisory DatabaseGHSA-7V39-JJJ6-J4J4

HistoryFeb 23, 2023 - 3:33 p.m.

Cross Site Scripting in OpenNMS

2023-02-2315:33:05

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

opennms

confidential information

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.0%

JSON

Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information.

Affected configurations

Vulners

Node

org.opennms\Matchopennms

CPENameOperatorVersion
org.opennms:opennms-web-apile31.0.3

CPE	Name	Operator	Version
	org.opennms:opennms-web-api	le	31.0.3

References

docs.opennms.com/meridian/2023/releasenotes/changelog.html#releasenotes-changelog-Meridian-2023.1.0

github.com/advisories/GHSA-7v39-jjj6-j4j4

github.com/OpenNMS/opennms/pull/5734

nvd.nist.gov/vuln/detail/CVE-2023-0869

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.0%

JSON

Related for GHSA-7V39-JJJ6-J4J4