2 matches found
CVE-2023-0846 Unauthenticated, stored XSS in display of alarm reduction-key
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon...
CVE-2023-0846
CVE-2023-0846 is an unauthenticated, stored cross-site scripting vulnerability in OpenNMS Horizon and Meridian, affecting the display of alarm reduction keys. The root cause is described as inadequate protection of the web page structure, enabling an attacker to access confidential session inform...