HIGH🇬🇧 English

CVE-2016-6555

CVSS 7.1v3.1pub. 2021-09-24upd. 2024-11-21

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
  • Opennms

    APP
    Opennms
    < 18.0.2-1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2016-6556HIGH7.1ten sam produkt

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP ag...

CVE-2015-7856HIGH10.0ten sam produkt

OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtai...

CVE-2021-25932MEDIUM5.4ten sam produkt

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-...

CVE-2020-1652MEDIUM5.6ten sam produkt

OpenNMS is accessible via port 9443

CVE-2014-3960MEDIUM4.3ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject ...

CVE-2016-6555 — HIGH 7.1 | CVEbaza.pl