CVE-2023-0846

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0846

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0846.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0846

Aliases

GHSA-79jr-8fhm-8wv3

Published

2023-02-22T19:15:11.090Z

Modified

2026-04-12T08:34:20.774966Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type

GIT

Repo

https://github.com/opennms/opennms

Events

Introduced

Fixed

9feb41d9ff697443b9b77bdcfa8e618b1350ed76

Introduced

Fixed

3619e2c44a6e3efe312f8f7f46a9d06955e01bb0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "31.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2023.1.0"
        }
    ]
}

Affected versions

opennms-1.*

opennms-1.11.1-1

opennms-1.11.3-1

opennms-1.13.2-1

opennms-1.9.0-1

opennms-1.9.4-1

opennms-1.9.93-1

opennms-20.*

opennms-20.0.0-1

opennms-31.*

opennms-31.0.0-1

opennms-31.0.1-1

space-integration-12.*

space-integration-12.2-code-freeze

Database specific

vanir_signatures_modified

"2026-04-12T08:34:20Z"

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0846.json"

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2023-0846-0e0e561b",
        "source": "https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76",
        "signature_version": "v1",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java",
            "function": "getFrameworkUrl"
        },
        "digest": {
            "length": 185.0,
            "function_hash": "206425191555369378448459867943500113004"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-0846-ccaa9e5b",
        "source": "https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76",
        "signature_version": "v1",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "34429318019951841524344332265895841257",
                "69464526689932505471209434272048820764",
                "263236452842351482963584900797504484320",
                "167767907474950385554340535886404424610"
            ]
        }
    }
]