OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:NOpennms
APPOpennms< 18.0.2-1
Powiązane podatności
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP tr...
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtai...
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-...
OpenNMS is accessible via port 9443
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject ...