CVE-2023-0869

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-0869
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0869.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-0869
Aliases
Published
2023-02-23T14:43:40.950Z
Modified
2026-05-30T20:56:56.975146Z
Severity
  • 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
Summary
Cross-site scripting in outage/list.htm
Details

Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer.

Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Database specific 
{
    "cna_assigner": "OpenNMS",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0869.json",
    "cwe_ids": [
        "CWE-20",
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type
GIT
Repo
https://github.com/opennms/opennms
Events
Introduced
fb38c6369c2299317e603dcc6c34b2eb8702af92
Fixed
9feb41d9ff697443b9b77bdcfa8e618b1350ed76

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0869.json"
vanir_signatures_modified 
"2026-05-30T20:56:56Z"
vanir_signatures 
[
    {
        "id": "CVE-2023-0869-0e0e561b",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 185.0,
            "function_hash": "206425191555369378448459867943500113004"
        },
        "signature_type": "Function",
        "source": "https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java",
            "function": "getFrameworkUrl"
        }
    },
    {
        "id": "CVE-2023-0869-ccaa9e5b",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "34429318019951841524344332265895841257",
                "69464526689932505471209434272048820764",
                "263236452842351482963584900797504484320",
                "167767907474950385554340535886404424610"
            ]
        },
        "signature_type": "Line",
        "source": "https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        }
    }
]