3 matches found
CVE-2023-0869
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state th...
CVE-2023-40311
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....
PT-2023-16572 · Opennms · Opennms Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.0 OpenNMS Horizon versions prior to 31.0.4 Description: Reflected cross-site scripting in graph results could allow an attacker to steal session cookies. The software is intended for installation with...