{ "schema_version": "1.4.0", "id": "GHSA-h93p-v9jf-r4xm", "modified": "2022-05-17T01:49:32Z", "published": "2022-05-17T01:49:32Z", "aliases": [ "CVE-2012-0936" ], "details": "Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0936" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72625" }, { "type": "WEB", "url": "http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a" }, { "type": "WEB", "url": "http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs" }, { "type": "WEB", "url": "http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel" }, { "type": "WEB", "url": "http://issues.opennms.org/browse/NMS/fixforversion/10825" }, { "type": "WEB", "url": "http://osvdb.org/78454" }, { "type": "WEB", "url": "http://secunia.com/advisories/47646" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/51632" } ], "database_specific": { "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2012-01-29T04:04:00Z" } }