Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-5128

XSS vulnerability in OpenNMS web UI

    XMLWordPrintable

    Details

      Description

      By intentionally failing to log in with a specially crafted and invalid username, a remote attacker with access to the OpenNMS web UI can cause a logged-in user's browser to execute arbitrary Javascript code when viewing the events and/or alarms browser in the OpenNMS web UI. An attacker does not need a valid login account, but does need to be able to reach the login page, in order to exploit this vulnerability.

        Attachments

          Activity

            People

            Assignee:
            jeffg Jeff Gehlbach
            Reporter:
            jeffg Jeff Gehlbach
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: