mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
20 lines
1.1 KiB
Markdown
20 lines
1.1 KiB
Markdown
|
### [CVE-2012-0936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0936)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs
|
||
|
|
- http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel
|
||
|
|
- http://issues.opennms.org/browse/NMS/fixforversion/10825
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
No PoCs found on GitHub currently.
|
||
|
|
|