CVE-2023-0846: OpenNMS Horizon and Meridian vulnerable to Cross-site Scripting

February 22, 2023

Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information.

References

github.com/OpenNMS/opennms/pull/5506/files
github.com/advisories/GHSA-79jr-8fhm-8wv3
issues.opennms.org/browse/NMS-14877
nvd.nist.gov/vuln/detail/CVE-2023-0846

Detect and mitigate CVE-2023-0846 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →