Maven package
org.opennms/opennms-webapp
pkg:maven/org.opennms/opennms-webapp
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40314 | — | | | < 32.0.5 | 32.0.5 | Nov 16, 2023 | Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon install |
| CVE-2023-40312 | — | | | >= 31.0.8, < 32.0.2 | 32.0.2 | Aug 14, 2023 | Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 202 |
| CVE-2023-40311 | — | | | >= 31.0.8, < 32.0.2 | 32.0.2 | Aug 14, 2023 | Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to |
| CVE-2023-0870 | — | | | < 31.0.6 | 31.0.6 | Mar 22, 2023 | A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 3 |
| CVE-2023-0868 | — | | | < 31.0.4 | 31.0.4 | Feb 23, 2023 | Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions stat |