Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated, stored XSS in display of alarm reduction-key
Vulnerability Description
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Opennms Group OpenNMS 跨站脚本漏洞
Vulnerability Description
Opennms Group OpenNMS是美国Opennms Group公司的一套开源的企业级网络监视和网络管理平台。 OpenNMS Horizon和Meridian 存在安全漏洞。攻击者利用该漏洞执行跨站脚本攻击,从而访问机密会话信息。
CVSS Information
N/A
Vulnerability Type
N/A