Search criteria
15 vulnerabilities found for OpenNMS by OpenNMS
VAR-201810-0068
Vulnerability from variot - Updated: 2024-11-23 22:17A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. OpenNMS is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. OpenNMS is one of the network management systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos space",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "18.1r1"
},
{
"model": "junos space",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "18.2r1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.13.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.14"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.96"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.95"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.94"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.8.17"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.8.16"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.13.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.94"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.9"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.13"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.12"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.11"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.10"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.2.2"
},
{
"model": "junos space 15.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "15.2"
},
{
"model": "junos space 15.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r2.11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1f3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1f2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1r1.9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1.r3.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r4.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r1.9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r1.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.3"
},
{
"model": "junos space 13.1r1.6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.1p1.14",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space r1.8",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.1"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.1"
},
{
"model": "junos space 12.3r2.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 12.3r1.3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 12.3p2.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.2"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1"
},
{
"model": "junos space 11.4r5.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.4"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.2"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.1"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.4"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.0"
},
{
"model": "junos space 18.2r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:juniper:junos_space",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcel Bilal",
"sources": [
{
"db": "BID",
"id": "105566"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0046",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-118248",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0046",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "sirt@juniper.net",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0046",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0046",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2018-0046",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0046",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-514",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118248",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. OpenNMS is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. OpenNMS is one of the network management systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "VULHUB",
"id": "VHN-118248"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0046",
"trust": 2.8
},
{
"db": "BID",
"id": "105566",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1041862",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10880",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118248",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"id": "VAR-201810-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:17:17.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10880",
"trust": 0.8,
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10880\u0026actp=METADATA"
},
{
"title": "Juniper Junos Space OpenNMS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86100"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://github.com/opennms/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105566"
},
{
"trust": 1.7,
"url": "https://kb.juniper.net/jsa10880"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041862"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0046"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0046"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-118248"
},
{
"date": "2018-10-10T00:00:00",
"db": "BID",
"id": "105566"
},
{
"date": "2019-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"date": "2018-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-514"
},
{
"date": "2018-10-10T18:29:00.780000",
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118248"
},
{
"date": "2018-10-10T00:00:00",
"db": "BID",
"id": "105566"
},
{
"date": "2019-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-514"
},
{
"date": "2024-11-21T03:37:25.467000",
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks Junos Space Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
],
"trust": 0.6
}
}
CVE-2016-6556 (GCVE-0-2016-6556)
Vulnerability from cvelistv5 – Published: 2022-06-15 18:35 – Updated: 2024-09-16 16:43
VLAI?
Title
OpenNMS Stored XSS via SNMP Agent Data
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:47",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Agent Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6556",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Agent Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6556",
"datePublished": "2022-06-15T18:35:47.512689Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-16T16:43:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6555 (GCVE-0-2016-6555)
Vulnerability from cvelistv5 – Published: 2022-06-15 18:35 – Updated: 2024-09-17 01:41
VLAI?
Title
OpenNMS Stored XSS via SNMP Trap Alerts
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:43",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Trap Alerts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6555",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Trap Alerts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6555",
"datePublished": "2022-06-15T18:35:43.500923Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-17T01:41:54.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25932 (GCVE-0-2021-25932)
Vulnerability from cvelistv5 – Published: 2021-06-01 11:15 – Updated: 2024-08-03 20:11
VLAI?
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:15:51",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2021-25932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_value": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25932",
"datePublished": "2021-06-01T11:15:51",
"dateReserved": "2021-01-22T00:00:00",
"dateUpdated": "2024-08-03T20:11:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1652 (GCVE-0-2020-1652)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-17 01:21
VLAI?
Title
Junos Space: OpenNMS is accessible via port 9443
Summary
OpenNMS is accessible via port 9443
Severity ?
5.6 (Medium)
CWE
- CWE-213 - Intentional Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
20.1 , < 20.1R1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS is accessible via port 9443"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213 Intentional Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:44",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: OpenNMS is accessible via port 9443",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1652",
"STATE": "PUBLIC",
"TITLE": "Junos Space: OpenNMS is accessible via port 9443"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS is accessible via port 9443"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/",
"refsource": "MISC",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1652",
"datePublished": "2020-07-17T18:40:44.141916Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T01:21:29.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7856 (GCVE-0-2015-7856)
Vulnerability from cvelistv5 – Published: 2015-10-16 20:00 – Updated: 2024-09-17 03:42
VLAI?
Summary
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-16T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/wiki/CVE-2015-0975",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"name": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7856",
"datePublished": "2015-10-16T20:00:00Z",
"dateReserved": "2015-10-16T00:00:00Z",
"dateUpdated": "2024-09-17T03:42:49.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3960 (GCVE-0-2014-3960)
Vulnerability from cvelistv5 – Published: 2014-06-04 14:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3960",
"datePublished": "2014-06-04T14:00:00Z",
"dateReserved": "2014-06-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:54.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6095 (GCVE-0-2008-6095)
Vulnerability from cvelistv5 – Published: 2009-02-09 17:00 – Updated: 2024-08-07 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource": "MISC",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6095",
"datePublished": "2009-02-09T17:00:00",
"dateReserved": "2009-02-09T00:00:00",
"dateUpdated": "2024-08-07T11:20:25.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6556 (GCVE-0-2016-6556)
Vulnerability from nvd – Published: 2022-06-15 18:35 – Updated: 2024-09-16 16:43
VLAI?
Title
OpenNMS Stored XSS via SNMP Agent Data
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:47",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Agent Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6556",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Agent Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6556",
"datePublished": "2022-06-15T18:35:47.512689Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-16T16:43:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6555 (GCVE-0-2016-6555)
Vulnerability from nvd – Published: 2022-06-15 18:35 – Updated: 2024-09-17 01:41
VLAI?
Title
OpenNMS Stored XSS via SNMP Trap Alerts
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:43",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Trap Alerts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6555",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Trap Alerts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6555",
"datePublished": "2022-06-15T18:35:43.500923Z",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-09-17T01:41:54.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25932 (GCVE-0-2021-25932)
Vulnerability from nvd – Published: 2021-06-01 11:15 – Updated: 2024-08-03 20:11
VLAI?
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:15:51",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2021-25932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_value": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25932",
"datePublished": "2021-06-01T11:15:51",
"dateReserved": "2021-01-22T00:00:00",
"dateUpdated": "2024-08-03T20:11:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1652 (GCVE-0-2020-1652)
Vulnerability from nvd – Published: 2020-07-17 18:40 – Updated: 2024-09-17 01:21
VLAI?
Title
Junos Space: OpenNMS is accessible via port 9443
Summary
OpenNMS is accessible via port 9443
Severity ?
5.6 (Medium)
CWE
- CWE-213 - Intentional Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
20.1 , < 20.1R1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS is accessible via port 9443"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213 Intentional Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:44",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: OpenNMS is accessible via port 9443",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1652",
"STATE": "PUBLIC",
"TITLE": "Junos Space: OpenNMS is accessible via port 9443"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS is accessible via port 9443"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/",
"refsource": "MISC",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1652",
"datePublished": "2020-07-17T18:40:44.141916Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T01:21:29.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7856 (GCVE-0-2015-7856)
Vulnerability from nvd – Published: 2015-10-16 20:00 – Updated: 2024-09-17 03:42
VLAI?
Summary
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-16T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/wiki/CVE-2015-0975",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"name": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7856",
"datePublished": "2015-10-16T20:00:00Z",
"dateReserved": "2015-10-16T00:00:00Z",
"dateUpdated": "2024-09-17T03:42:49.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3960 (GCVE-0-2014-3960)
Vulnerability from nvd – Published: 2014-06-04 14:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3960",
"datePublished": "2014-06-04T14:00:00Z",
"dateReserved": "2014-06-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:54.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6095 (GCVE-0-2008-6095)
Vulnerability from nvd – Published: 2009-02-09 17:00 – Updated: 2024-08-07 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource": "MISC",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6095",
"datePublished": "2009-02-09T17:00:00",
"dateReserved": "2009-02-09T00:00:00",
"dateUpdated": "2024-08-07T11:20:25.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}