OpenNMS / NMS-6571

Two XSS vulnerabilities in webapp

      Description

      See support ticket https://mynms.opennms.com/Ticket/Display.html?id=3040

      There is a reflected XSS vulnerability in alarm/details.htm which can be triggered by entering <script>window.alert("gotcha!")</script> as the alarm ID in the search box of alarm/index.jsp.

      There is an additional XSS vulnerability that manifests throughout the webapp if a node's label contains a <script> tag. An untrusted actor with PROVISION_ROLE could easily exploit this vector.

            People

            • Assignee:
              jeffg Jeff Gehlbach
              Reporter:
              jeffg Jeff Gehlbach
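
The two vectors in the description call for different controls: strict validation for the numeric alarm ID, and output encoding for the free-text node label. The Java below is an added example, not OpenNMS code and not the fix applied for this issue; the class and method names are hypothetical, and the node label is a constructed sample.

```java
import java.util.OptionalInt;

// Added illustration; class and method names are hypothetical, not OpenNMS code.
public class XssGuards {

    // Vector 1: the alarm ID is numeric, so accept digits only and never echo the raw value.
    // The 9-digit limit keeps Integer.parseInt from overflowing.
    static OptionalInt parseAlarmId(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            return OptionalInt.empty();
        }
        return OptionalInt.of(Integer.parseInt(raw));
    }

    // Vector 2: node labels are free text, so encode them wherever they are written into HTML.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Error text for a rejected ID: a fixed message plus the encoded input.
    static String invalidAlarmIdMessage(String raw) {
        return "Invalid alarm ID: " + escapeHtml(raw);
    }

    public static void main(String[] args) {
        String probe = "<script>window.alert(\"gotcha!\")</script>"; // string from the report
        System.out.println(parseAlarmId(probe).isPresent());  // rejected before any lookup
        System.out.println(parseAlarmId("1234").getAsInt());  // a well-formed ID passes
        System.out.println(invalidAlarmIdMessage(probe));     // rendered as inert text
        System.out.println("<td>" + escapeHtml("router-1 " + probe) + "</td>"); // constructed label
    }
}
```

The encoder covers HTML element content and quoted attribute values only; a label written into inline JavaScript or a URL needs the encoding for that context instead.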