Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:NOpennms
APPOpennms1.10.01.10.11.10.101.10.111.10.121.10.131.10.141.10.21.10.31.10.41.10.51.10.61.10.71.10.81.10.9+ 29 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2016-6555HIGH7.1ten sam produkt
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP tr...
CVE-2016-6556HIGH7.1ten sam produkt
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP ag...
CVE-2015-7856HIGH10.0ten sam produkt
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtai...
CVE-2021-25932MEDIUM5.4ten sam produkt
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-...
CVE-2020-1652MEDIUM5.6ten sam produkt
OpenNMS is accessible via port 9443