漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cross-site scripting in outage/list.htm
Vulnerability Description
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Opennms Group OpenNMS 跨站脚本漏洞
Vulnerability Description
Opennms Group OpenNMS是美国Opennms Group公司的一套开源的企业级网络监视和网络管理平台。 Opennms Group OpenNMS Meridian 和 Horizon存在安全漏洞,该漏洞源于outage/list.htm文件中存在跨站脚本漏洞。攻击者利用该漏洞可以访问机密会话信息。
CVSS Information
N/A
Vulnerability Type
N/A