Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
•added 2026/01/09 9:24 a.m.•5 views

CVE-2023-40612

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

8CVSS7.1AI score0.00372EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2023/08/23 6:22 p.m.•15 views

CVE-2023-40612 Authenticated XXE Injection Via The File Editor

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

5.3CVSS7.1AI score0.00372EPSS
Exploits0References2
Cvelist
Cvelist
•added 2023/08/23 6:22 p.m.•25 views

CVE-2023-40612 Authenticated XXE Injection Via The File Editor

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

5.3CVSS8.2AI score0.00372EPSS
Exploits0References2
NVD
NVD
•added 2023/08/14 6:15 p.m.•31 views

CVE-2023-40311

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS6.4AI score0.00653EPSS
Exploits0References3
Rows per page
Query Builder