Opennms.org Opennms 0.4.0

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

	Date	Alert	Description
4.3	2012-01-28	CVE-2012-0936	Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
4.3	2008-09-29	CVE-2008-4320	Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.

%	id	Name
100% (2)	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')

id	Description
48527	OpenNMS event/list filter Parameter XSS
48526	OpenNMS notification/list.jsp username Parameter XSS
48525	OpenNMS j_acegi_security_check j_username Parameter XSS