Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9354

XSS vulnerability on node error page

    XMLWordPrintable

    Details

    • Sprint:
      Horizon - May 31st

      Description

      From report:

          Type of issue:
          Reflected Cross-site scripting 1
      
          Product and version that contains the bug:
          OpenNMS 19.1.0
      
          Any special configuration required to reproduce the issue:
          None
      
          Step-by-step instructions to reproduce the issue on a fresh install
          Once authenticated to OpenNMS, enter the following URL:
          http://localhost:8980/opennms/element/node.jsp?node=<script>alert('xss')</script>
      
          Proof-of-concept
      
          Please see screenshot reflected-xss1.png attached
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                j-white Jesse White
                Reporter:
                j-white Jesse White
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: