[NMS-9457] Multiple XSS vulnerabilities in OpenNMS webapp - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.12.9, Meridian-2015.1.0, 17.0.0
Fix Version/s: 21.0.0, Meridian-2015.1.8, Meridian-2016.1.8, Meridian-2017.1.1
Component/s: Web UI - General
Security Level: Default (Default Security Scheme)
Labels:
- security

Sprint:
Horizon - September 27th

Description

For details, see https://mynms.opennms.com/Ticket/Display.html?id=4297
The XSS problems are straightforward to address case-by-case. The CSRF ones will require a full audit of the webapp to address comprehensively.

Attachments

Issue Links

depends on

NMS-9354 XSS vulnerability on node error page

Resolved

is duplicated by

NMS-9675 IOActive: Reflected Cross-site Scripting in alarm/list.htm display Parameter

Resolved

Activity

People

Assignee:: Seth Leger

Reporter:: Jeff Gehlbach

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Jan/16 3:32 PM

Updated:: 17/Jan/18 1:16 AM

Resolved:: 10/Oct/17 6:55 PM

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.