Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9354

XSS vulnerability on node error page

    XMLWordPrintable

    Details

    • Sprint:
      Horizon - May 31st

      Description

      From report:

          Type of issue:
          Reflected Cross-site scripting 1
      
          Product and version that contains the bug:
          OpenNMS 19.1.0
      
          Any special configuration required to reproduce the issue:
          None
      
          Step-by-step instructions to reproduce the issue on a fresh install
          Once authenticated to OpenNMS, enter the following URL:
          http://localhost:8980/opennms/element/node.jsp?node=<script>alert('xss')</script>
      
          Proof-of-concept
      
          Please see screenshot reflected-xss1.png attached
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              j-white Jesse White
              Reporter:
              j-white Jesse White
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: