Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
horizon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0869
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation inst...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-0872
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Me...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-0846
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meri...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-0868
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions stat...
Opennms Horizon
Opennms Meridian
231
VMScore
CVE-2010-2854
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not prop...
Jared Meeker Event Horizon 1.1.10
605
VMScore
CVE-2010-2855
Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this informa...
Jared Meeker Event Horizon 1.1.10
516
VMScore
CVE-2020-29565
An issue exists in OpenStack Horizon prior to 15.3.2, 16.x prior to 16.2.1, 17.x and 18.x prior to 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automat...
Openstack Horizon
Debian Debian Linux 10.0
578
VMScore
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 prior to 2018.1.25, 2019 prior to 2019.1.16, and 2020 prior to 2020.1.5, Horizon 1.2 up to and including 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
Opennms Newts
Opennms Horizon
Opennms Meridian
580
VMScore
CVE-2020-12760
An issue exists in OpenNMS Horizon prior to 26.0.1, and Meridian prior to 2018.1.19 and 2019 prior to 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution...
Opennms Opennms Horizon
Opennms Opennms Meridian
383
VMScore
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote malicious users to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier wa...
Openstack Essex 2012.1
Openstack Horizon Folsom-3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »