CVE-2023-40312

MEDIUM Year: 2023
CVSS v3 Score
5.2
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue.

Related Vulnerabilities

CVE-2016-10864

MEDIUM
CVSS:5.2(Medium)

NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.

CWE-792016

CVE-2017-18700

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4...

CWE-792017

CVE-2017-18701

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.

CWE-792017

CVE-2017-18715

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 befor...

CWE-792017

CVE-2017-18745

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0...

CWE-792017

CVE-2017-18807

MEDIUM
CVSS:5.2(Medium)

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CWE-792017