漏洞标题
无认证存储的XSS在警报减少键的显示中
漏洞描述信息
未验证的、存储型的XSS漏洞存在于显示报警减少键的展示中
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Unauthenticated, stored XSS in display of alarm reduction-key
漏洞描述信息
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users
should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and
Horizon installation instructions state that they are intended for installation
within an organization's private networks and should not be directly accessible
from the Internet.
CVSS信息
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Opennms Group OpenNMS 跨站脚本漏洞
漏洞描述信息
Opennms Group OpenNMS是美国Opennms Group公司的一套开源的企业级网络监视和网络管理平台。 OpenNMS Horizon和Meridian 存在安全漏洞。攻击者利用该漏洞执行跨站脚本攻击,从而访问机密会话信息。
CVSS信息
N/A
漏洞类别
跨站脚本