Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-5128

XSS vulnerability in OpenNMS web UI

    XMLWordPrintable

    Details

      Description

      By intentionally failing to log in with a specially crafted and invalid username, a remote attacker with access to the OpenNMS web UI can cause a logged-in user's browser to execute arbitrary Javascript code when viewing the events and/or alarms browser in the OpenNMS web UI. An attacker does not need a valid login account, but does need to be able to reach the login page, in order to exploit this vulnerability.

        Attachments

          Activity

            People

            • Assignee:
              jeffg Jeff Gehlbach
              Reporter:
              jeffg Jeff Gehlbach
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: