Vulnerabilities > Opennms > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-09-24 | CVE-2016-6555 | Cross-site Scripting vulnerability in Opennms | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. | network | opennms CWE-79 | 4.3 |
| 2021-09-24 | CVE-2016-6556 | Cross-site Scripting vulnerability in Opennms | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. | network | opennms CWE-79 | 4.3 |
| 2021-05-20 | CVE-2021-25931 | Cross-Site Request Forgery (CSRF) vulnerability in Opennms Horizon and Meridian | In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. | network | opennms CWE-352 | 6.8 |
| 2021-05-20 | CVE-2021-25933 | Cross-site Scripting vulnerability in Opennms Horizon and Meridian | In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `groupName` and `groupComment` parameters. | network, low complexity | opennms CWE-79 | 4.8 |
| 2021-05-20 | CVE-2021-25930 | Cross-Site Request Forgery (CSRF) vulnerability in Opennms Horizon and Meridian | In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. | network | opennms CWE-352 | 4.3 |
| 2021-02-17 | CVE-2021-3396 | Unspecified vulnerability in Opennms Horizon, Meridian and Newts | OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. | network, low complexity | opennms | 6.5 |
| 2020-05-11 | CVE-2020-12760 | Deserialization of Untrusted Data vulnerability in Opennms Horizon and Opennms Meridian | An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. | network, low complexity | opennms CWE-502 | 6.5 |
| 2020-04-17 | CVE-2020-11886 | SQL Injection vulnerability in Opennms Horizon and Meridian | OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. | network, low complexity | opennms CWE-89 | 5.5 |
| 2014-06-04 | CVE-2014-3960 | Cross-Site Scripting vulnerability in Opennms | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network | opennms CWE-79 | 4.3 |
| 2009-02-09 | CVE-2008-6095 | Cross-Site Scripting vulnerability in Opennms 1.5.94 | Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter. | network | opennms CWE-79 | 4.3 |