Search criteria
22 vulnerabilities found for OpenNMS by OpenNMS
VAR-201810-0068
Vulnerability from variot - Updated: 2023-12-18 12:28A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. OpenNMS is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. OpenNMS is one of the network management systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos space",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "18.1r1"
},
{
"model": "junos space",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "18.2r1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.13.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.14"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.96"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.95"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.94"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.8.17"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.8.16"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.13.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.94"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.9"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.13"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.12"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.11"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.10"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.2.2"
},
{
"model": "junos space 15.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "15.2"
},
{
"model": "junos space 15.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r2.11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1f3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1f2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1r1.9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1.r3.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r4.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r1.9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r1.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.3"
},
{
"model": "junos space 13.1r1.6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.1p1.14",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space r1.8",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.1"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.1"
},
{
"model": "junos space 12.3r2.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 12.3r1.3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 12.3p2.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.2"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1"
},
{
"model": "junos space 11.4r5.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.4"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.2"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.1"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.4"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.0"
},
{
"model": "junos space 18.2r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:junos_space:18.1r1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcel Bilal",
"sources": [
{
"db": "BID",
"id": "105566"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-0046",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-118248",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "sirt@juniper.net",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-0046",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0046",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2018-0046",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-514",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118248",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. OpenNMS is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. OpenNMS is one of the network management systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "VULHUB",
"id": "VHN-118248"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0046",
"trust": 2.8
},
{
"db": "BID",
"id": "105566",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1041862",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10880",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118248",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"id": "VAR-201810-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:44.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10880",
"trust": 0.8,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10880\u0026actp=metadata"
},
{
"title": "Juniper Junos Space OpenNMS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86100"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://github.com/opennms/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105566"
},
{
"trust": 1.7,
"url": "https://kb.juniper.net/jsa10880"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041862"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0046"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0046"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-118248"
},
{
"date": "2018-10-10T00:00:00",
"db": "BID",
"id": "105566"
},
{
"date": "2019-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"date": "2018-10-10T18:29:00.780000",
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"date": "2018-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118248"
},
{
"date": "2018-10-10T00:00:00",
"db": "BID",
"id": "105566"
},
{
"date": "2019-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"date": "2019-10-09T23:31:05.440000",
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks Junos Space Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
],
"trust": 0.6
}
}
CVE-2016-6556 (GCVE-0-2016-6556)
Vulnerability from cvelistv5 – Published: 2022-06-15 18:35 – Updated: 2024-09-16 16:43
VLAI?
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:47",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Agent Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6556",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Agent Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6556",
"datePublished": "2022-06-15T18:35:47.512689Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-16T16:43:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6555 (GCVE-0-2016-6555)
Vulnerability from cvelistv5 – Published: 2022-06-15 18:35 – Updated: 2024-09-17 01:41
VLAI?
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:43",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Trap Alerts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6555",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Trap Alerts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6555",
"datePublished": "2022-06-15T18:35:43.500923Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-17T01:41:54.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25932 (GCVE-0-2021-25932)
Vulnerability from cvelistv5 – Published: 2021-06-01 11:15 – Updated: 2024-08-03 20:11
VLAI?
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:15:51",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2021-25932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_value": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25932",
"datePublished": "2021-06-01T11:15:51",
"dateReserved": "2021-01-22T00:00:00",
"dateUpdated": "2024-08-03T20:11:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1652 (GCVE-0-2020-1652)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-17 01:21
VLAI?
Summary
OpenNMS is accessible via port 9443
Severity ?
5.6 (Medium)
CWE
- CWE-213 - Intentional Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
20.1 , < 20.1R1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS is accessible via port 9443"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213 Intentional Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:44",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: OpenNMS is accessible via port 9443",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1652",
"STATE": "PUBLIC",
"TITLE": "Junos Space: OpenNMS is accessible via port 9443"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS is accessible via port 9443"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/",
"refsource": "MISC",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1652",
"datePublished": "2020-07-17T18:40:44.141916Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T01:21:29.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7856 (GCVE-0-2015-7856)
Vulnerability from cvelistv5 – Published: 2015-10-16 20:00 – Updated: 2024-09-17 03:42
VLAI?
Summary
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-16T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/wiki/CVE-2015-0975",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"name": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7856",
"datePublished": "2015-10-16T20:00:00Z",
"dateReserved": "2015-10-16T00:00:00Z",
"dateUpdated": "2024-09-17T03:42:49.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3960 (GCVE-0-2014-3960)
Vulnerability from cvelistv5 – Published: 2014-06-04 14:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3960",
"datePublished": "2014-06-04T14:00:00Z",
"dateReserved": "2014-06-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:54.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6095 (GCVE-0-2008-6095)
Vulnerability from cvelistv5 – Published: 2009-02-09 17:00 – Updated: 2024-08-07 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource": "MISC",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6095",
"datePublished": "2009-02-09T17:00:00",
"dateReserved": "2009-02-09T00:00:00",
"dateUpdated": "2024-08-07T11:20:25.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6556 (GCVE-0-2016-6556)
Vulnerability from nvd – Published: 2022-06-15 18:35 – Updated: 2024-09-16 16:43
VLAI?
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:47",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Agent Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6556",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Agent Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6556",
"datePublished": "2022-06-15T18:35:47.512689Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-16T16:43:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6555 (GCVE-0-2016-6555)
Vulnerability from nvd – Published: 2022-06-15 18:35 – Updated: 2024-09-17 01:41
VLAI?
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:43",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Trap Alerts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6555",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Trap Alerts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6555",
"datePublished": "2022-06-15T18:35:43.500923Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-17T01:41:54.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25932 (GCVE-0-2021-25932)
Vulnerability from nvd – Published: 2021-06-01 11:15 – Updated: 2024-08-03 20:11
VLAI?
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:15:51",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2021-25932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_value": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25932",
"datePublished": "2021-06-01T11:15:51",
"dateReserved": "2021-01-22T00:00:00",
"dateUpdated": "2024-08-03T20:11:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1652 (GCVE-0-2020-1652)
Vulnerability from nvd – Published: 2020-07-17 18:40 – Updated: 2024-09-17 01:21
VLAI?
Summary
OpenNMS is accessible via port 9443
Severity ?
5.6 (Medium)
CWE
- CWE-213 - Intentional Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
20.1 , < 20.1R1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS is accessible via port 9443"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213 Intentional Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:44",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: OpenNMS is accessible via port 9443",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1652",
"STATE": "PUBLIC",
"TITLE": "Junos Space: OpenNMS is accessible via port 9443"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS is accessible via port 9443"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/",
"refsource": "MISC",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1652",
"datePublished": "2020-07-17T18:40:44.141916Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T01:21:29.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7856 (GCVE-0-2015-7856)
Vulnerability from nvd – Published: 2015-10-16 20:00 – Updated: 2024-09-17 03:42
VLAI?
Summary
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-16T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/wiki/CVE-2015-0975",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"name": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7856",
"datePublished": "2015-10-16T20:00:00Z",
"dateReserved": "2015-10-16T00:00:00Z",
"dateUpdated": "2024-09-17T03:42:49.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3960 (GCVE-0-2014-3960)
Vulnerability from nvd – Published: 2014-06-04 14:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3960",
"datePublished": "2014-06-04T14:00:00Z",
"dateReserved": "2014-06-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:54.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6095 (GCVE-0-2008-6095)
Vulnerability from nvd – Published: 2009-02-09 17:00 – Updated: 2024-08-07 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource": "MISC",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6095",
"datePublished": "2009-02-09T17:00:00",
"dateReserved": "2009-02-09T00:00:00",
"dateUpdated": "2024-08-07T11:20:25.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2016-6555
Vulnerability from fkie_nvd - Published: 2021-09-24 21:15 - Updated: 2024-11-21 02:56
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
References
| URL | Tags | ||
|---|---|---|---|
| cve@rapid7.com | https://github.com/OpenNMS/opennms/pull/1019 | Patch, Third Party Advisory | |
| cve@rapid7.com | https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OpenNMS/opennms/pull/1019 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opennms:opennms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3BAC5-A23C-4751-BFD5-1DF2CEA1039D",
"versionEndExcluding": "18.0.2-1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
},
{
"lang": "es",
"value": "OpenNMS versiones 18.0.1 y anteriores, son vulnerables a un problema de tipo XSS almacenado debido a un filtrado insuficiente de los datos suministrados por las trampas SNMP. Al crear un trap SNMP malicioso, un atacante puede almacenar una carga \u00fatil de tipo XSS que ser\u00e1 desencadenada cuando un usuario de la Interfaz web visualice la p\u00e1gina de la lista de eventos. Este problema se ha corregido en la versi\u00f3n 18.0.2, publicada el 20 de septiembre de 2016."
}
],
"id": "CVE-2016-6555",
"lastModified": "2024-11-21T02:56:20.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-24T21:15:07.067",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6556
Vulnerability from fkie_nvd - Published: 2021-09-24 21:15 - Updated: 2024-11-21 02:56
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
References
| URL | Tags | ||
|---|---|---|---|
| cve@rapid7.com | https://github.com/OpenNMS/opennms/pull/1019 | Patch, Third Party Advisory | |
| cve@rapid7.com | https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OpenNMS/opennms/pull/1019 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opennms:opennms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E3BAC5-A23C-4751-BFD5-1DF2CEA1039D",
"versionEndExcluding": "18.0.2-1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
},
{
"lang": "es",
"value": "OpenNMS versiones 18.0.1 y anteriores, son vulnerables a un problema de tipo XSS almacenado debido a un filtrado insuficiente de los datos suministrados por el agente SNMP. Al crear una respuesta SNMP \"sysName\" o \"sysContact\" maliciosa, un atacante puede almacenar una carga \u00fatil de tipo XSS que ser\u00e1 desencadenada cuando un usuario de la Interfaz web visualice los datos. Este problema se ha corregido en la versi\u00f3n 18.0.2, publicada el 20 de septiembre de 2016."
}
],
"id": "CVE-2016-6556",
"lastModified": "2024-11-21T02:56:20.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-24T21:15:07.140",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-25932
Vulnerability from fkie_nvd - Published: 2021-06-01 12:15 - Updated: 2024-11-21 05:55
Severity ?
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F742FA60-91A2-4442-8D8F-10F613B70E96",
"versionEndIncluding": "2019.1.18-1",
"versionStartIncluding": "2015.1.0-1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4C0F58-2A22-4DF8-8619-587A41410354",
"versionEndIncluding": "2020.1.6-1",
"versionStartIncluding": "2020.1.0-1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1821256-BD55-4F32-AFC7-162C686573E5",
"versionEndIncluding": "27.1.0-1",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
},
{
"lang": "es",
"value": "En OpenNMS Horizon, versiones opennms-1-0-stable hasta opennms-27.1.0-1; OpenNMS Meridian, versiones meridian-foundation-2015.1.0-1 hasta meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 hasta meridian-foundation-2020.1.6-1 son vulnerables a ataques de tipo Cross-Site Scripting almacenados, ya que la funci\u00f3n \"validateFormInput()\" realiza comprobaciones de comprobaci\u00f3n incorrectas en la entrada enviada al par\u00e1metro \"userID\" . Debido a este fallo, un atacante podr\u00eda inyectar un script arbitrario que se almacenar\u00e1 en la base de datos"
}
],
"id": "CVE-2021-25932",
"lastModified": "2024-11-21T05:55:37.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-01T12:15:07.787",
"references": [
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
},
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
}
],
"sourceIdentifier": "vulnerabilitylab@mend.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-1652
Vulnerability from fkie_nvd - Published: 2020-07-17 19:15 - Updated: 2024-11-21 05:11
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OpenNMS is accessible via port 9443
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opennms:opennms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7530EC8-63B6-4C2D-B4DC-536355C215EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS is accessible via port 9443"
},
{
"lang": "es",
"value": "OpenNMS puede ser accedida por medio del puerto 9443"
}
],
"id": "CVE-2020-1652",
"lastModified": "2024-11-21T05:11:05.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-17T19:15:13.813",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-213"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7856
Vulnerability from fkie_nvd - Published: 2015-10-16 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opennms:opennms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7530EC8-63B6-4C2D-B4DC-536355C215EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
},
{
"lang": "es",
"value": "OpenNMS tiene una contrase\u00f1a por defecto de rtc para la cuenta rtc, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso aprovechando conocer las credenciales."
}
],
"id": "CVE-2015-7856",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-16T20:59:17.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3960
Vulnerability from fkie_nvd - Published: 2014-06-04 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opennms:opennms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE1B61-54F1-4C33-804D-7046283FACC1",
"versionEndIncluding": "1.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB8E149-D400-47E4-8185-118962F38216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E1350D-AA86-41B9-AFF4-8E71BDB8F502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C7E1F5-19FF-4047-BB45-EAF2411774BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B004DE5-D945-4D3A-99CA-E4499B4D2D3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4B55A4-156C-471F-AD98-1DA73F731656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C4DE5844-E9EA-4804-BA2C-B655731C2806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "964DA1E2-531A-4E9F-ABB8-412E20F650BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A340575-769F-43EB-86F9-630E8AFC42C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "530B5A89-B0B6-46FB-B2B1-78C8FA6A0A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.90:*:*:*:*:*:*:*",
"matchCriteriaId": "713E0914-D06D-49B5-BF19-C82BF690EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E086AAB1-872B-4837-A81F-03E6E1176BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.92:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F555D4-7791-4757-B189-91C2EA2E156D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.9.93:*:*:*:*:*:*:*",
"matchCriteriaId": "A12A6B5B-E50B-4E6E-9401-171AEA2A944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "203991AE-A7C4-4DC3-8FE3-B183553E95B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B82EA59-A325-42CD-B82B-CFC63591BF2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20860B36-F965-4605-A942-20DFDF9FF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F488842F-6F00-46CC-BF40-B664BF9F18E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3E9F6B-A9BB-45E2-88B9-6BB9F890B884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC947C4-DDB0-487A-9CBB-E4E252DF8436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92351679-2FDE-405A-B896-4FAFECCA05DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4128AB85-A410-471F-ADE5-08C3BACE4BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F8323FE6-EFB9-4CDD-B1D9-BB15FBBF72E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3D364F5E-363E-4059-BCFB-9AD2E39D382A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8AAC8475-7ADC-41DD-9CD4-E6A873428B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "83A1B7AA-7081-4CD1-93A3-0A9D85F079DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF32F64-098E-4A36-9D28-40E9A1C6F373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "38C336E7-1B97-4394-9E33-F5D048654CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F646ACC2-F668-4682-B676-2F653579D0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB09E4F1-FDCA-4711-A9B5-1E7D4E16D5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57607094-2E64-4A9A-9442-0A5B75C61A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99720A9E-51D7-4A76-80EE-21E8A9AA4407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC1AEFD-B3B8-4127-9120-EAFBD78F1D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.90:*:*:*:*:*:*:*",
"matchCriteriaId": "22B94894-91D0-4ED3-A932-730004DF4327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.91:*:*:*:*:*:*:*",
"matchCriteriaId": "329B6328-4D46-4356-A423-496096967657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.92:*:*:*:*:*:*:*",
"matchCriteriaId": "D845B751-9190-4A3C-BD68-14A6D77D1F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.93:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA44DA3-25A2-4D69-BAC4-7A1E91F5E11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.11.94:*:*:*:*:*:*:*",
"matchCriteriaId": "3019863B-C16F-40D6-B3EC-121E8691468B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC9B0F7-8BB2-48F0-ADB8-B8E4A3F06ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF7DAD8-C8C7-4CBE-B519-5954D355DBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "71ED2D93-52BE-49F2-8799-F574DC50D182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0EB387-D9BE-4C90-B670-2273D1A19761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8BCAF0-4E9B-43B0-A510-E53F10A76B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opennms:opennms:1.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC92D17-E2AB-4FC1-A9D6-A4709803CFCB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en OpenNMS anterior a 1.12.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3960",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-04T14:55:06.560",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/58748"
},
{
"source": "cve@mitre.org",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67774"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6095
Vulnerability from fkie_nvd - Published: 2009-02-09 17:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opennms:opennms:1.5.94:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FB87DC-F1A5-416E-A4BD-961A3AB7A26B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el archivo surveillanceView.htm en OpenNMS v1.5.94 que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s del par\u00e1metro viewName."
}
],
"id": "CVE-2008-6095",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-09T17:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32101"
},
{
"source": "cve@mitre.org",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}