CVE-2008-6095
https://notcve.org/view.php?id=CVE-2008-6095
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el archivo surveillanceView.htm en OpenNMS v1.5.94 que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro viewName. • http://bugzilla.opennms.org/show_bug.cgi?id=2760 http://secunia.com/advisories/32101 http://www.opennms.org/documentation/ReleaseNotesUnStable.html http://www.securityfocus.com/bid/31539 https://exchange.xforce.ibmcloud.com/vulnerabilities/45616 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4320 – OpenNMS 1.5.x - 'filter' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4320
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenNMS anteriores a 1.5.94, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) "j_username" a j_acegi_security_check, (2)el parámetro "username" a notification/list.jsp, y (3) el parámetro "filter" a event/list. • https://www.exploit-db.com/exploits/32425 https://www.exploit-db.com/exploits/32423 https://www.exploit-db.com/exploits/32424 http://bugzilla.opennms.org/show_bug.cgi?id=2631 http://bugzilla.opennms.org/show_bug.cgi?id=2633 http://bugzilla.opennms.org/show_bug.cgi?id=2634 http://secunia.com/advisories/32019 http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257 http://www.securityfocus.com/bid/31410 https://exchange.xforce.ibmcloud.com/vulnerabilities/45417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •