CVE-2023-40314

< 32.0.5

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidenti

5.8MEDIUM

CVE-2023-40612

>= 31.0.8 and < 32.0.2

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_E

5.3MEDIUM

CVE-2023-40315

>= 31.0.8 and < 32.0.2

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_ED

5.3MEDIUM

CVE-2023-40313

< 32.0.2

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian version

7.1HIGH

CVE-2023-40312

>= 31.0.8 and < 32.0.2

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlie

6.7MEDIUM

CVE-2023-40311

>= 31.0.8 and < 32.0.2

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier t

6.7MEDIUM

CVE-2023-0872

>= 31.0.8 and < 32.0.2

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is

8.2HIGH

CVE-2023-0871

>= 32.0.0 and < 32.0.2

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerab

5.4MEDIUM

CVE-2023-0870

< 31.0.6

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potential

8.1HIGH

CVE-2023-0869

< 31.0.4

Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confiden

5.8MEDIUM

CVE-2023-0868

< 31.0.4

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker acces

6.7MEDIUM

CVE-2023-0867

< 31.0.4

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian an

6.7MEDIUM

CVE-2023-0815

< 31.0.4

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow

6.8MEDIUM

CVE-2023-0846

< 31.0.4

Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and M

6.7MEDIUM

CVE-2021-25935

>= 17.0.0 and <= 27.1.0

In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1

5.4MEDIUM

CVE-2021-25934

>= 18.0.0 and <= 27.1.0

In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1

5.4MEDIUM

CVE-2021-25933

>= 1.0 and < 27.1.1

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-

4.8MEDIUM

CVE-2021-25931

>= 1.0 and < 27.1.1

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-

8.8HIGH

CVE-2021-25929

>= 1.0 and < 27.1.1

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-

4.8MEDIUM

CVE-2021-25930

>= 1.0 and < 27.1.1

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-

4.3MEDIUM

CVE-2021-3396

>= 16.0.0 and <= 27.0.3

OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, a

8.8HIGH

CVE-2020-12760

< 26.1.0

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ cha

8.8HIGH

CVE-2020-11886

< 25.2.1

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmVal

8.1HIGH