CVE-2018-0046

MEDIUM

Description

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.

References

http://www.securityfocus.com/bid/105566

http://www.securitytracker.com/id/1041862

https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d

https://kb.juniper.net/JSA10880

Details

Source: MITRE

Published: 2018-10-10

Updated: 2018-11-29

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM