Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9354

XSS vulnerability on node error page

    XMLWordPrintable

Details

    • Horizon - May 31st

    Description

      From report:

          Type of issue:
          Reflected Cross-site scripting 1
      
          Product and version that contains the bug:
          OpenNMS 19.1.0
      
          Any special configuration required to reproduce the issue:
          None
      
          Step-by-step instructions to reproduce the issue on a fresh install
          Once authenticated to OpenNMS, enter the following URL:
          http://localhost:8980/opennms/element/node.jsp?node=<script>alert('xss')</script>
      
          Proof-of-concept
      
          Please see screenshot reflected-xss1.png attached
      

      Attachments

        Issue Links

          Activity

            People

              j-white Jesse White
              j-white Jesse White
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: