Lucene search
K

237 matches found

OSV
OSV
added 2023/08/14 6:32 p.m.20 views

GHSA-QFW7-PFXX-H9Q2 OpenNMS vulnerable to Cross-site Scripting

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS5.5AI score0.00653EPSS
Exploits0References6
NVD
NVD
added 2023/08/14 6:15 p.m.31 views

CVE-2023-40311

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS6.4AI score0.00653EPSS
Exploits0References3
NVD
NVD
added 2023/08/14 6:15 p.m.30 views

CVE-2023-40312

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

6.7CVSS6.4AI score0.00591EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 6:15 p.m.32 views

CVE-2023-0872

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS8.1AI score0.02951EPSS
Exploits3References2
Prion
Prion
added 2023/08/14 6:15 p.m.16 views

Cross site scripting

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

3.8CVSS4.8AI score0.00653EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2023/08/14 6:15 p.m.15 views

Cross site scripting

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

4.3CVSS5AI score0.00591EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/08/14 6:15 p.m.23 views

Privilege escalation

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

5.2CVSS7.8AI score0.02951EPSS
Exploits3References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/08/14 5:35 p.m.11 views

CVE-2023-40312 Reflected XSS in multiple JSP files in opennms/opennms

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

6.7CVSS6.1AI score0.00591EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/14 5:35 p.m.28 views

CVE-2023-40312 Reflected XSS in multiple JSP files in opennms/opennms

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

6.7CVSS6.5AI score0.00591EPSS
Exploits0References2
OSV
OSV
added 2023/08/14 5:35 p.m.18 views

CVE-2023-40312 Reflected XSS in multiple JSP files in opennms/opennms

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

6.7CVSS6.2AI score0.00591EPSS
Exploits0References5
CVE
CVE
added 2023/08/14 5:31 p.m.43 views

CVE-2023-40311

CVE-2023-40311 affects OpenNMS Horizon/OpenMNS: multiple stored XSS via unsanitized parameters in JSP files on Horizon 31.0.8 and versions prior to 32.0.2. Attackers could store data in the database and render via JSPs/Angular templates. Mitigation: upgrade to Horizon 32.0.2+ or Meridian equivale...

6.7CVSS5.6AI score0.00653EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/08/14 5:31 p.m.14 views

CVE-2023-40311 Stored XSS in multiple JSP files in opennms/opennms

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS6AI score0.00653EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/08/14 5:31 p.m.14 views

CVE-2023-40311 Stored XSS in multiple JSP files in opennms/opennms

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS5.9AI score0.00653EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/14 5:31 p.m.25 views

CVE-2023-40311 Stored XSS in multiple JSP files in opennms/opennms

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS6.4AI score0.00653EPSS
Exploits0References3
CVE
CVE
added 2023/08/14 5:21 p.m.2729 views

CVE-2023-0872

OpenNMS Horizon CVE-2023-0872 affects Horizon REST API users endpoint in Horizon 31.0.8 and older than 32.0.2, enabling privilege elevation (to admin) via REST. The issue stems from role escalation between ROLE_REST and ROLE_ADMIN when accessing /rest/users, with confirmed guidance that upgrading...

8.2CVSS7.8AI score0.02951EPSS
Exploits3References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/08/14 5:21 p.m.18 views

CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS6.7AI score0.02951EPSS
Exploits3References2
Cvelist
Cvelist
added 2023/08/14 5:21 p.m.46 views

CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS8.3AI score0.02951EPSS
Exploits3References2
OSV
OSV
added 2023/08/14 5:21 p.m.44 views

CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS5.9AI score0.02951EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2023/08/14 12:0 a.m.5 views

PT-2023-27375 · Opennms · Opennms Horizon +1

Name of the Vulnerable Software and Affected Versions: OpenMNS Horizon versions 31.0.8 through 32.0.2 Meridian versions prior to 2023.1.6 Meridian versions prior to 2022.1.19 Meridian versions prior to 2021.1.30 Meridian versions prior to 2020.1.38 Description: Multiple reflected XSS were found o...

6.7CVSS5AI score0.00591EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/08/14 12:0 a.m.5 views

PT-2023-16576 · Opennms · Opennms Horizon +1

Name of the Vulnerable Software and Affected Versions: OpenMNS Horizon versions 31.0.8 through 32.0.2 Meridian affected versions not specified Description: The Horizon REST API includes a "users" endpoint that is vulnerable to elevation of privilege. The solution is to upgrade to a newer version...

8.2CVSS7.8AI score0.02951EPSS
Exploits3References15
Rows per page
Query Builder