
CVE-2016-6555 – OpenNMS Stored XSS via SNMP Trap Alerts
https://notcve.org/view.php?id=CVE-2016-6555
24 Sep 2021 — OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. • https://github.com/OpenNMS/opennms/pull/1019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-6556 – OpenNMS Stored XSS via SNMP Agent Data
https://notcve.org/view.php?id=CVE-2016-6556
24 Sep 2021 — OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. • https://github.com/OpenNMS/opennms/pull/1019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-25932
https://notcve.org/view.php?id=CVE-2021-25932
01 Jun 2021 — In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database. ... • https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-3960
https://notcve.org/view.php?id=CVE-2014-3960
04 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/58748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •