XSS vulnerability in OpenNMS web UI

Description

By intentionally failing to log in with a specially crafted and invalid username, a remote attacker with access to the OpenNMS web UI can cause a logged-in user's browser to execute arbitrary JavaScript code when viewing the events and/or alarms browser in the OpenNMS web UI. An attacker does not need a valid login account, but does need to be able to reach the login page, in order to exploit this vulnerability.

Acceptance / Success Criteria

None

Activity

Gabriela Lopez January 30, 2023 at 6:15 PM

Information Security rated as a medium.

CVSS: 6.3 x med likelihood .8 = 5.0

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:P/RL:O/RC:R/CR:H/IR:H/AR:H/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X

Benjamin Reed February 7, 2012 at 3:34 PM

This was fixed a bit ago, just never got marked as such.

Jeff Gehlbach January 19, 2012 at 11:30 AM

Updating issue in advance of releases containing fix.

Fixed

Details

Created January 9, 2012 at 12:30 PM
Updated January 30, 2023 at 6:15 PM
Resolved February 7, 2012 at 3:34 PM