CVE-2012-0936

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a
http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs	Vendor Advisory
http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel
http://issues.opennms.org/browse/NMS/fixforversion/10825
http://osvdb.org/78454
http://secunia.com/advisories/47646	Vendor Advisory
http://www.securityfocus.com/bid/51632
https://exchange.xforce.ibmcloud.com/vulnerabilities/72625
http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a
http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs	Vendor Advisory
http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel
http://issues.opennms.org/browse/NMS/fixforversion/10825
http://osvdb.org/78454
http://secunia.com/advisories/47646	Vendor Advisory
http://www.securityfocus.com/bid/51632
https://exchange.xforce.ibmcloud.com/vulnerabilities/72625

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:opennms.org:opennms:1.8.0:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.1:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.2:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.3:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.4:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.5:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.6:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.7:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.8:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.9:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.10:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.11:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.12:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.13:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.14:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.15:::::::*
	cpe:2.3:a:opennms.org:opennms:1.8.16:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:opennms.org:opennms::::::::
	cpe:2.3:a:opennms.org:opennms:0.2:::::::*
	cpe:2.3:a:opennms.org:opennms:0.3.0:::::::*
	cpe:2.3:a:opennms.org:opennms:0.4.0:::::::*
	cpe:2.3:a:opennms.org:opennms:0.6.0:::::::*
	cpe:2.3:a:opennms.org:opennms:0.6.1:::::::*
	cpe:2.3:a:opennms.org:opennms:0.6.1--2:::::::*
	cpe:2.3:a:opennms.org:opennms:0.6.2:::::::*
	cpe:2.3:a:opennms.org:opennms:0.7.1:::::::*
	cpe:2.3:a:opennms.org:opennms:0.7.2:::::::*
	cpe:2.3:a:opennms.org:opennms:0.7.3:::::::*
	cpe:2.3:a:opennms.org:opennms:0.7.5:::::::*
	cpe:2.3:a:opennms.org:opennms:0.8.0:::::::*
	cpe:2.3:a:opennms.org:opennms:0.8.1:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.0:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.1:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.2:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.3:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.4:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.5:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.6:::::::*
	cpe:2.3:a:opennms.org:opennms:0.9.9:::::::*
	cpe:2.3:a:opennms.org:opennms:1.0.0:::::::*
	cpe:2.3:a:opennms.org:opennms:1.0.1:::::::*
	cpe:2.3:a:opennms.org:opennms:1.0.2:::::::*
	cpe:2.3:a:opennms.org:opennms:1.1.0:::::::*
	cpe:2.3:a:opennms.org:opennms:1.1.1:::::::*
	cpe:2.3:a:opennms.org:opennms:1.1.2:::::::*
	cpe:2.3:a:opennms.org:opennms:1.1.3:::::::*
	cpe:2.3:a:opennms.org:opennms:1.1.4:::::::*
	cpe:2.3:a:opennms.org:opennms:1.1.5:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.0:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.1:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.2:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.3:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.4:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.5:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.6:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.7:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.8:::::::*
	cpe:2.3:a:opennms.org:opennms:1.2.9:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.0:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.1:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.2:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.3:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.4:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.5:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.6:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.7:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.8:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.9:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.10:::::::*
	cpe:2.3:a:opennms.org:opennms:1.3.11:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.90:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.91:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.92:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.93:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.94:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.95:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.96:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.97:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.98:::::::*
	cpe:2.3:a:opennms.org:opennms:1.5.99:::::::*
	cpe:2.3:a:opennms.org:opennms:1.6.0:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.1:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.2:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.3:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.4:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.5:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.6:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.7:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.8:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.9:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.10:::::::*
cpe:2.3:a:opennms.org:opennms:1.6.11:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.0:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.1:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.2:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.3:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.4:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.5:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.6:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.7:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.8:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.9:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.10:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.90:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.91:::::::*
cpe:2.3:a:opennms.org:opennms:1.7.92:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.0:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.1:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.2:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.3:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.4:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.5:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.6:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.7:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.8:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.90:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.91:::::::*
cpe:2.3:a:opennms.org:opennms:1.9.92:::::::*

Configuration 3 (hide)

cpe:2.3:a:opennms.org:opennms:1.10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:36

Type	Values Removed	Values Added
References	() http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a -	() http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a -
References	~~() http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs - Vendor Advisory~~	() http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs - Vendor Advisory
References	() http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel -	() http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel -
References	~~() http://issues.opennms.org/browse/NMS/fixforversion/10825 -~~	() http://issues.opennms.org/browse/NMS/fixforversion/10825 -
References	~~() http://osvdb.org/78454 -~~	() http://osvdb.org/78454 -
References	~~() http://secunia.com/advisories/47646 - Vendor Advisory~~	() http://secunia.com/advisories/47646 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/51632 -~~	() http://www.securityfocus.com/bid/51632 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/72625 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/72625 -

Information

Published : 2012-01-29 04:04

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0936

Mitre link : CVE-2012-0936

CVE.ORG link : CVE-2012-0936

JSON object : View

Products Affected

opennms.org

opennms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10