Vendor
Opennms
Products
1
CVEs
7
Across products
191
Status
Private
Products
1- 191 CVEs
Recent CVEs
7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-4320 | 0.03 | — | 0.02 | Sep 29, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. | ||
| CVE-2016-6556 | 0.00 | — | 0.00 | Jun 15, 2022 | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. | ||
| CVE-2016-6555 | 0.00 | — | 0.00 | Jun 15, 2022 | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. | ||
| CVE-2015-7856 | 0.00 | — | 0.02 | Oct 16, 2015 | OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | ||
| CVE-2014-3960 | 0.00 | — | 0.00 | Jun 4, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2012-0936 | 0.00 | — | 0.00 | Jan 29, 2012 | Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login. | ||
| CVE-2008-6095 | 0.00 | — | 0.00 | Feb 9, 2009 | Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter. |