
OpenNMS Vulnerabilities: Securing Code against Attackers’ Unexpected Ways

Blog post from Sonar

Author: Stefan Schiller
Word Count: 1,945
Language: English
Summary

An XSS vulnerability was found in OpenNMS, a popular enterprise-grade monitoring solution. The issue is tracked as CVE-2023-0846 and allows an unauthenticated attacker to inject a JavaScript payload into the admin dashboard by exploiting another vulnerability in the application. This can lead to arbitrary code execution on the OpenNMS server once an admin views the dashboard. The vulnerabilities were fixed in OpenNMS 31.0.4.