CVE-2012-0936

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
opennms.orgopennms
1.8.0
opennms.orgopennms
1.8.1
opennms.orgopennms
1.8.2
opennms.orgopennms
1.8.3
opennms.orgopennms
1.8.4
opennms.orgopennms
1.8.5
opennms.orgopennms
1.8.6
opennms.orgopennms
1.8.7
opennms.orgopennms
1.8.8
opennms.orgopennms
1.8.9
opennms.orgopennms
1.8.10
opennms.orgopennms
1.8.11
opennms.orgopennms
1.8.12
opennms.orgopennms
1.8.13
opennms.orgopennms
1.8.14
opennms.orgopennms
1.8.15
opennms.orgopennms
1.8.16
opennms.orgopennms
𝑥
≤ 1.9.93
opennms.orgopennms
0.2
opennms.orgopennms
0.3.0
opennms.orgopennms
0.4.0
opennms.orgopennms
0.6.0
opennms.orgopennms
0.6.1
opennms.orgopennms
0.6.1--2
opennms.orgopennms
0.6.2
opennms.orgopennms
0.7.1
opennms.orgopennms
0.7.2
opennms.orgopennms
0.7.3
opennms.orgopennms
0.7.5
opennms.orgopennms
0.8.0
opennms.orgopennms
0.8.1
opennms.orgopennms
0.9.0
opennms.orgopennms
0.9.1
opennms.orgopennms
0.9.2
opennms.orgopennms
0.9.3
opennms.orgopennms
0.9.4
opennms.orgopennms
0.9.5
opennms.orgopennms
0.9.6
opennms.orgopennms
0.9.9
opennms.orgopennms
1.0.0
opennms.orgopennms
1.0.1
opennms.orgopennms
1.0.2
opennms.orgopennms
1.1.0
opennms.orgopennms
1.1.1
opennms.orgopennms
1.1.2
opennms.orgopennms
1.1.3
opennms.orgopennms
1.1.4
opennms.orgopennms
1.1.5
opennms.orgopennms
1.2.0
opennms.orgopennms
1.2.1
opennms.orgopennms
1.2.2
opennms.orgopennms
1.2.3
opennms.orgopennms
1.2.4
opennms.orgopennms
1.2.5
opennms.orgopennms
1.2.6
opennms.orgopennms
1.2.7
opennms.orgopennms
1.2.8
opennms.orgopennms
1.2.9
opennms.orgopennms
1.3.0
opennms.orgopennms
1.3.1
opennms.orgopennms
1.3.2
opennms.orgopennms
1.3.3
opennms.orgopennms
1.3.4
opennms.orgopennms
1.3.5
opennms.orgopennms
1.3.6
opennms.orgopennms
1.3.7
opennms.orgopennms
1.3.8
opennms.orgopennms
1.3.9
opennms.orgopennms
1.3.10
opennms.orgopennms
1.3.11
opennms.orgopennms
1.5.90
opennms.orgopennms
1.5.91
opennms.orgopennms
1.5.92
opennms.orgopennms
1.5.93
opennms.orgopennms
1.5.94
opennms.orgopennms
1.5.95
opennms.orgopennms
1.5.96
opennms.orgopennms
1.5.97
opennms.orgopennms
1.5.98
opennms.orgopennms
1.5.99
opennms.orgopennms
1.6.0
opennms.orgopennms
1.6.1
opennms.orgopennms
1.6.2
opennms.orgopennms
1.6.3
opennms.orgopennms
1.6.4
opennms.orgopennms
1.6.5
opennms.orgopennms
1.6.6
opennms.orgopennms
1.6.7
opennms.orgopennms
1.6.8
opennms.orgopennms
1.6.9
opennms.orgopennms
1.6.10
opennms.orgopennms
1.6.11
opennms.orgopennms
1.7.0
opennms.orgopennms
1.7.1
opennms.orgopennms
1.7.2
opennms.orgopennms
1.7.3
opennms.orgopennms
1.7.4
opennms.orgopennms
1.7.5
opennms.orgopennms
1.7.6
opennms.orgopennms
1.7.7
opennms.orgopennms
1.7.8
opennms.orgopennms
1.7.9
opennms.orgopennms
1.7.10
opennms.orgopennms
1.7.90
opennms.orgopennms
1.7.91
opennms.orgopennms
1.7.92
opennms.orgopennms
1.9.0
opennms.orgopennms
1.9.1
opennms.orgopennms
1.9.2
opennms.orgopennms
1.9.3
opennms.orgopennms
1.9.4
opennms.orgopennms
1.9.5
opennms.orgopennms
1.9.6
opennms.orgopennms
1.9.7
opennms.orgopennms
1.9.8
opennms.orgopennms
1.9.90
opennms.orgopennms
1.9.91
opennms.orgopennms
1.9.92
opennms.orgopennms
1.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a
http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs
http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel
http://issues.opennms.org/browse/NMS/fixforversion/10825
http://osvdb.org/78454
http://secunia.com/advisories/47646
http://www.securityfocus.com/bid/51632
https://exchange.xforce.ibmcloud.com/vulnerabilities/72625
http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a
http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs
http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel
http://issues.opennms.org/browse/NMS/fixforversion/10825
http://osvdb.org/78454
http://secunia.com/advisories/47646
http://www.securityfocus.com/bid/51632
https://exchange.xforce.ibmcloud.com/vulnerabilities/72625