CVE-2023-40314

CVSS V2 None CVSS V3 None

Description

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Moshe Apelbaum for reporting this issue.

Overview

CVE ID
CVE-2023-40314

Assigner
OpenNMS

Vulnerability Status
PUBLISHED

Published Version
2023-11-16T21:14:07.488Z

Last Modified Date
2023-11-16T21:14:07.488Z

Weakness Enumerations

CWE	URL
CWE-20	http://cwe.mitre.org/data/definitions/20.html
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://github.com/OpenNMS/opennms/pull/6791

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-40314
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40314

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 02:36:18				Added to TrackCVE