CVE-2008-4320
29.09.2008, 19:25
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
| Vendor | Product | Version |
|---|---|---|
| opennms.org | opennms | 𝑥 ≤ 1.0.0 |
| opennms.org | opennms | 𝑥 ≤ 1.1.0 |
| opennms.org | opennms | 𝑥 ≤ 1.2.0 |
| opennms.org | opennms | 𝑥 ≤ 1.3.0 |
| opennms.org | opennms | 𝑥 ≤ 1.5.90 |
| opennms.org | opennms | 1.1.1 |
| opennms.org | opennms | 1.1.2 |
| opennms.org | opennms | 1.1.3 |
| opennms.org | opennms | 1.1.4 |
| opennms.org | opennms | 1.1.5 |
| opennms.org | opennms | 1.2.1 |
| opennms.org | opennms | 1.2.2 |
| opennms.org | opennms | 1.2.3 |
| opennms.org | opennms | 1.2.4 |
| opennms.org | opennms | 1.3.1 |
| opennms.org | opennms | 1.3.2 |
| opennms.org | opennms | 1.3.3 |
| opennms.org | opennms | 1.3.4 |
| opennms.org | opennms | 1.3.5 |
| opennms.org | opennms | 1.3.6 |
| opennms.org | opennms | 1.3.7 |
| opennms.org | opennms | 1.3.8 |
| opennms.org | opennms | 1.3.9 |
| opennms.org | opennms | 1.3.10 |
| opennms.org | opennms | 1.3.11 |
| opennms.org | opennms | 1.5.91 |
| opennms.org | opennms | 1.5.92 |
| opennms.org | opennms | 1.5.93 |
𝑥
= Vulnerable software versions
References