CVE-2023-40311

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Aug 14, 2023
Updated: Aug 23, 2023
CWE ID 79

Summary

CVE-2023-40311 is a stored Cross-Site Scripting (XSS) vulnerability affecting OpenMNS Horizon 31.0.8 and older versions on multiple platforms. The flaw stems from unsanitized parameters in JSP files, enabling an attacker to inject malicious code into a database and subsequently load it on JSPs or Angular templates. To address this issue, users are advised to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. These applications should be installed within private networks and not directly accessible from the Internet. OpenMNS expresses gratitude to Jordi Miralles Comins for reporting this matter.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • OpenNMS Meridian
  • OpenNMS Horizon

Affected Vendors

  • Opennms