RSS   Vulnerabilities for 'Opennms'   RSS

2021-09-24
 
CVE-2016-6555

CWE-79
 

 
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.

 
 
CVE-2016-6556

CWE-79
 

 
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.

 
2015-10-16
 
CVE-2015-7856

 

 
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

 
2014-06-04
 
CVE-2014-3960

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2009-02-09
 
CVE-2008-6095

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.

 

 >>> Vendor: Opennms 6 Products
Opennms
Opennms horizon
Opennms meridian
Horizon
Meridian
Newts


Copyright 2021, cxsecurity.com

 

Back to Top