Summary
Detail | |||
---|---|---|---|
Vendor | Opennms.Org | First view | 2008-09-29 |
Product | Opennms | Last view | 2012-01-28 |
Version | 0.4.0 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:opennms.org:opennms |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.3 | 2012-01-28 | CVE-2012-0936 | Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login. |
4.3 | 2008-09-29 | CVE-2008-4320 | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
48527 | OpenNMS event/list filter Parameter XSS |
48526 | OpenNMS notification/list.jsp username Parameter XSS |
48525 | OpenNMS j_acegi_security_check j_username Parameter XSS |