CVE-2023-40612

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

EUVD-2025-19231

Malicious code in bioql PyPI...

EUVD-2023-2186

Malicious code in bioql PyPI...

EUVD-2023-2338

Malicious code in bioql PyPI...

EUVD-2023-45168

Malicious code in bioql PyPI...

EUVD-2023-2214

Malicious code in bioql PyPI...

EUVD-2023-2272

Malicious code in bioql PyPI...

EUVD-2023-2300

Malicious code in bioql PyPI...

CVE-2025-53121

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...

CVE-2025-53121

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...

CVE-2025-53121 Stored XSS in multiple 33.0.8files in opennms/opennms

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...

CVE-2025-53121 Stored XSS in multiple 33.0.8files in opennms/opennms

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...

CVE-2025-53121

CVE-2025-53121 : OpenNMS Horizon contains a stored XSS vulnerability on multiple nodes caused by unsanitized parameters. Affects Horizon 33.0.8 and all versions prior to 33.1.6. The issue allows an attacker to store data in the database and later render malicious HTML/JavaScript on vulnerable pag...

PT-2025-27008 · Openmns · Opennms Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenMNS Horizon versions 33.0.8 through 33.1.5 OpenMNS Meridian versions prior to 2024.2.6 Description: Multiple stored XSS issues were found in OpenMNS Horizon due to unsanitized parameters on different nodes, allowing an attacker to store a...

CVE-2023-40311

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

CVE-2023-40612

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

CVE-2023-40612

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

Sql injection

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

CVE-2023-40612

Summary of CVE-2023-40612 : In OpenNMS Horizon, versions 31.0.8 and earlier than 32.0.2, the file editor is accessible to users with the ROLE_FILESYSTEM_EDITOR privilege and is vulnerable to XXE injection attacks. The root cause is an XXE processing vulnerability in the file editor component. The...

CVE-2023-40612 Authenticated XXE Injection Via The File Editor

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...