CVE-2023-0868

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0868

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0868.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-0868

Aliases

GHSA-g57g-rvpg-2f2c

Published

2023-02-23T15:15:11.090Z

Modified

2026-04-12T06:36:17.405077Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type

GIT

Repo

https://github.com/opennms/opennms

Events

Introduced

Fixed

9feb41d9ff697443b9b77bdcfa8e618b1350ed76

Fixed

3619e2c44a6e3efe312f8f7f46a9d06955e01bb0

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "31.0.4"
        },
        {
            "fixed": "2023.1.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:opennms:horizon:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*"
    ]
}

Affected versions

opennms-1.*

opennms-1.11.1-1

opennms-1.11.3-1

opennms-1.13.2-1

opennms-1.9.0-1

opennms-1.9.4-1

opennms-1.9.93-1

opennms-20.*

opennms-20.0.0-1

opennms-31.*

opennms-31.0.0-1

opennms-31.0.1-1

space-integration-12.*

space-integration-12.2-code-freeze

Database specific

vanir_signatures

[
    {
        "target": {
            "function": "getFrameworkUrl",
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        },
        "source": "https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76",
        "deprecated": false,
        "digest": {
            "length": 185.0,
            "function_hash": "206425191555369378448459867943500113004"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2023-0868-0e0e561b"
    },
    {
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        },
        "source": "https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "34429318019951841524344332265895841257",
                "69464526689932505471209434272048820764",
                "263236452842351482963584900797504484320",
                "167767907474950385554340535886404424610"
            ]
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2023-0868-ccaa9e5b"
    }
]

vanir_signatures_modified

"2026-04-12T06:36:17Z"

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0868.json"