CVE-2008-4320
CVE-2008-4320
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
Affected products
n/a · n/apublic PoCs found — 3
exploitdbwww.exploit-db.com/exploits/32425unverifiedexploitdbwww.exploit-db.com/exploits/32423unverifiedexploitdbwww.exploit-db.com/exploits/32424unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugzilla.opennms.org/show_bug.cgi?id=2631http://bugzilla.opennms.org/show_bug.cgi?id=2633http://bugzilla.opennms.org/show_bug.cgi?id=2634http://secunia.com/advisories/32019https://exchange.xforce.ibmcloud.com/vulnerabilities/45417http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257http://www.securityfocus.com/bid/31410