4 matches found
CVE-2023-40312
Multiple reflected XSS vulnerabilities were found in different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms; an attacker can modify these parameters to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...
CVE-2023-0869
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state th...
PT-2023-16575 · Opennms · Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 through 32.0.2
Description: The issue is related to an XML external entity (XXE) injection vulnerability in the /rtc/post/ endpoint, which can be used to force Horizon to make arbitrary HTTP requests to internal...
PT-2023-16572 · Opennms · Opennms Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.0; OpenNMS Horizon versions prior to 31.0.4
Description: Reflected cross-site scripting in graph results could allow an attacker to steal session cookies. The software is intended for installation with...