5 matches found
CVE-2023-0846
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Usersshould upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian andHorizon inst...
CVE-2023-0868
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Usersshould upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian andHorizon installation instructions state that they are inten...
CVE-2023-0869
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridianand Horizon installation instructions state that ...
CVE-2023-0815
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Usersshould upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian andHorizon in...
CVE-2023-0867
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Usersshould upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian andHorizon i...