CVE-2023-0868— Stealing Cookies using Reflected XSS via graph results

Stealing Cookies using Reflected XSS via graph results

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

输入验证不恰当

Opennms Group OpenNMS 跨站脚本漏洞

Opennms Group OpenNMS是美国Opennms Group公司的一套开源的企业级网络监视和网络管理平台。 Opennms Group OpenNMS Meridian 、 Horizon存在安全漏洞，该漏洞源于graph results中存在跨站脚本 (XSS) 漏洞，攻击者利用该漏洞可以窃取会话 cookie。

N/A

N/A