CVSS: 6.1EPSS: 0%CPEs: 119EXPL: 0CVE-2012-0936
https://notcve.org/view.php?id=CVE-2012-0936
29 Jan 2012 — Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java en OpenNMS v1.8.x antes de v1.8.17, v1.9.93 y anteriores, ... • http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 28EXPL: 7CVE-2008-4320 – OpenNMS 1.5.x - 'filter' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4320
29 Sep 2008 — Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenNMS anteriores a 1.5.94, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a travé... • https://www.exploit-db.com/exploits/32425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •