4.3
CVE-2012-0936
- EPSS 2.16%
- Veröffentlicht 29.01.2012 04:04:45
- Zuletzt bearbeitet 16.06.2026 23:38:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opennms.Org ≫ Opennms Version1.8.0
Opennms.Org ≫ Opennms Version1.8.1
Opennms.Org ≫ Opennms Version1.8.2
Opennms.Org ≫ Opennms Version1.8.3
Opennms.Org ≫ Opennms Version1.8.4
Opennms.Org ≫ Opennms Version1.8.5
Opennms.Org ≫ Opennms Version1.8.6
Opennms.Org ≫ Opennms Version1.8.7
Opennms.Org ≫ Opennms Version1.8.8
Opennms.Org ≫ Opennms Version1.8.9
Opennms.Org ≫ Opennms Version1.8.10
Opennms.Org ≫ Opennms Version1.8.11
Opennms.Org ≫ Opennms Version1.8.12
Opennms.Org ≫ Opennms Version1.8.13
Opennms.Org ≫ Opennms Version1.8.14
Opennms.Org ≫ Opennms Version1.8.15
Opennms.Org ≫ Opennms Version1.8.16
Opennms.Org ≫ Opennms Version <= 1.9.93
Opennms.Org ≫ Opennms Version0.2
Opennms.Org ≫ Opennms Version0.3.0
Opennms.Org ≫ Opennms Version0.4.0
Opennms.Org ≫ Opennms Version0.6.0
Opennms.Org ≫ Opennms Version0.6.1
Opennms.Org ≫ Opennms Version0.6.1--2
Opennms.Org ≫ Opennms Version0.6.2
Opennms.Org ≫ Opennms Version0.7.1
Opennms.Org ≫ Opennms Version0.7.2
Opennms.Org ≫ Opennms Version0.7.3
Opennms.Org ≫ Opennms Version0.7.5
Opennms.Org ≫ Opennms Version0.8.0
Opennms.Org ≫ Opennms Version0.8.1
Opennms.Org ≫ Opennms Version0.9.0
Opennms.Org ≫ Opennms Version0.9.1
Opennms.Org ≫ Opennms Version0.9.2
Opennms.Org ≫ Opennms Version0.9.3
Opennms.Org ≫ Opennms Version0.9.4
Opennms.Org ≫ Opennms Version0.9.5
Opennms.Org ≫ Opennms Version0.9.6
Opennms.Org ≫ Opennms Version0.9.9
Opennms.Org ≫ Opennms Version1.0.0
Opennms.Org ≫ Opennms Version1.0.1
Opennms.Org ≫ Opennms Version1.0.2
Opennms.Org ≫ Opennms Version1.1.0
Opennms.Org ≫ Opennms Version1.1.1
Opennms.Org ≫ Opennms Version1.1.2
Opennms.Org ≫ Opennms Version1.1.3
Opennms.Org ≫ Opennms Version1.1.4
Opennms.Org ≫ Opennms Version1.1.5
Opennms.Org ≫ Opennms Version1.2.0
Opennms.Org ≫ Opennms Version1.2.1
Opennms.Org ≫ Opennms Version1.2.2
Opennms.Org ≫ Opennms Version1.2.3
Opennms.Org ≫ Opennms Version1.2.4
Opennms.Org ≫ Opennms Version1.2.5
Opennms.Org ≫ Opennms Version1.2.6
Opennms.Org ≫ Opennms Version1.2.7
Opennms.Org ≫ Opennms Version1.2.8
Opennms.Org ≫ Opennms Version1.2.9
Opennms.Org ≫ Opennms Version1.3.0
Opennms.Org ≫ Opennms Version1.3.1
Opennms.Org ≫ Opennms Version1.3.2
Opennms.Org ≫ Opennms Version1.3.3
Opennms.Org ≫ Opennms Version1.3.4
Opennms.Org ≫ Opennms Version1.3.5
Opennms.Org ≫ Opennms Version1.3.6
Opennms.Org ≫ Opennms Version1.3.7
Opennms.Org ≫ Opennms Version1.3.8
Opennms.Org ≫ Opennms Version1.3.9
Opennms.Org ≫ Opennms Version1.3.10
Opennms.Org ≫ Opennms Version1.3.11
Opennms.Org ≫ Opennms Version1.5.90
Opennms.Org ≫ Opennms Version1.5.91
Opennms.Org ≫ Opennms Version1.5.92
Opennms.Org ≫ Opennms Version1.5.93
Opennms.Org ≫ Opennms Version1.5.94
Opennms.Org ≫ Opennms Version1.5.95
Opennms.Org ≫ Opennms Version1.5.96
Opennms.Org ≫ Opennms Version1.5.97
Opennms.Org ≫ Opennms Version1.5.98
Opennms.Org ≫ Opennms Version1.5.99
Opennms.Org ≫ Opennms Version1.6.0
Opennms.Org ≫ Opennms Version1.6.1
Opennms.Org ≫ Opennms Version1.6.2
Opennms.Org ≫ Opennms Version1.6.3
Opennms.Org ≫ Opennms Version1.6.4
Opennms.Org ≫ Opennms Version1.6.5
Opennms.Org ≫ Opennms Version1.6.6
Opennms.Org ≫ Opennms Version1.6.7
Opennms.Org ≫ Opennms Version1.6.8
Opennms.Org ≫ Opennms Version1.6.9
Opennms.Org ≫ Opennms Version1.6.10
Opennms.Org ≫ Opennms Version1.6.11
Opennms.Org ≫ Opennms Version1.7.0
Opennms.Org ≫ Opennms Version1.7.1
Opennms.Org ≫ Opennms Version1.7.2
Opennms.Org ≫ Opennms Version1.7.3
Opennms.Org ≫ Opennms Version1.7.4
Opennms.Org ≫ Opennms Version1.7.5
Opennms.Org ≫ Opennms Version1.7.6
Opennms.Org ≫ Opennms Version1.7.7
Opennms.Org ≫ Opennms Version1.7.8
Opennms.Org ≫ Opennms Version1.7.9
Opennms.Org ≫ Opennms Version1.7.10
Opennms.Org ≫ Opennms Version1.7.90
Opennms.Org ≫ Opennms Version1.7.91
Opennms.Org ≫ Opennms Version1.7.92
Opennms.Org ≫ Opennms Version1.9.0
Opennms.Org ≫ Opennms Version1.9.1
Opennms.Org ≫ Opennms Version1.9.2
Opennms.Org ≫ Opennms Version1.9.3
Opennms.Org ≫ Opennms Version1.9.4
Opennms.Org ≫ Opennms Version1.9.5
Opennms.Org ≫ Opennms Version1.9.6
Opennms.Org ≫ Opennms Version1.9.7
Opennms.Org ≫ Opennms Version1.9.8
Opennms.Org ≫ Opennms Version1.9.90
Opennms.Org ≫ Opennms Version1.9.91
Opennms.Org ≫ Opennms Version1.9.92
Opennms.Org ≫ Opennms Version1.10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.16% | 0.799 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a
http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs
http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel
http://issues.opennms.org/browse/NMS/fixforversion/10825
http://osvdb.org/78454
http://secunia.com/advisories/47646
http://www.securityfocus.com/bid/51632
https://exchange.xforce.ibmcloud.com/vulnerabilities/72625