OpenNMS / NMS-6571

Two XSS vulnerabilities in webapp

      Description

      See support ticket https://mynms.opennms.com/Ticket/Display.html?id=3040

      There is a reflected XSS vulnerability in alarm/details.htm which can be triggered by entering <script>window.alert("gotcha!")</script> as the alarm ID in the search box of alarm/index.jsp.

      There is an additional XSS vulnerability that manifests throughout the webapp if a node's label contains a <script> tag. An untrusted actor with PROVISION_ROLE could easily exploit this vector.

            People

            Assignee:
            jeffg Jeff Gehlbach
            Reporter:
            jeffg Jeff Gehlbach

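The two vectors in the description, as an added example that is not OpenNMS code: a request parameter echoed into markup and a free-text node label printed in a view, each shown with validation and HTML output encoding applied. The class and method names, the assumption that alarm IDs are numeric, the "not found" message and the `/example/node?id=` path are hypothetical; only the script string comes from the ticket.

```java
import java.util.OptionalInt;
public class AlarmIdEcho {
    // HTML-encode for element content and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Assumption: alarm IDs are numeric, so anything else is rejected up front.
    static OptionalInt parseAlarmId(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,9}")) return OptionalInt.empty();
        return OptionalInt.of(Integer.parseInt(raw));
    }

    // Before: the request parameter is concatenated into markup as-is.
    static String notFoundUnsafe(String rawId) {
        return "<p>Alarm " + rawId + " not found.</p>";
    }

    // After: validate first, and encode whatever is echoed back.
    static String notFoundSafe(String rawId) {
        OptionalInt id = parseAlarmId(rawId);
        if (id.isPresent()) return "<p>Alarm " + id.getAsInt() + " not found.</p>";
        return "<p>Invalid alarm ID: " + escapeHtml(String.valueOf(rawId)) + "</p>";
    }

    // Node labels are free text, so every view that prints one must encode it.
    static String nodeLink(int nodeId, String label) {
        return "<a href=\"/example/node?id=" + nodeId + "\">" + escapeHtml(label) + "</a>";
    }

    public static void main(String[] args) {
        String payload = "<script>window.alert(\"gotcha!\")</script>"; // string from the ticket
        System.out.println(notFoundUnsafe(payload));   // markup reaches the page unencoded
        System.out.println(notFoundSafe(payload));     // rendered as inert text
        System.out.println(notFoundSafe("42"));        // valid ID passes through as an int
        System.out.println(nodeLink(7, "core-sw1" + payload)); // constructed node label
    }
}
```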