OpenNMS HTML Injection Vulnerability
BID:51632
Info
OpenNMS HTML Injection Vulnerability
| Bugtraq ID: | 51632 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0936 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2012 12:00AM |
| Updated: | Feb 01 2012 11:30AM |
| Credit: | Reported by the vendor |
| Vulnerable: |
OpenNMS OpenNMS 1.9.93 OpenNMS OpenNMS 1.8.16 |
| Not Vulnerable: |
OpenNMS OpenNMS 1.8.17 OpenNMS OpenNMS 1.10.0 |
Discussion
OpenNMS HTML Injection Vulnerability
OpenNMS is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
OpenNMS versions 1.8.16 and 1.9.93 are vulnerable. Other versions may also be affected.
OpenNMS is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
OpenNMS versions 1.8.16 and 1.9.93 are vulnerable. Other versions may also be affected.
Exploit / POC
OpenNMS HTML Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
OpenNMS HTML Injection Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
OpenNMS HTML Injection Vulnerability
References:
References:
- Commit (OpenNMS)
- Home Page (OpenNMS)
- XSS vulnerability in OpenNMS web UI (OpenNMS)