Opennms · Opennms Meridian · CVE-2023-0867
**Name of the Vulnerable Software and Affected Versions**
OpenNMS Meridian versions prior to 2023.1.0
OpenNMS Horizon versions prior to 31.0.4
**Description**
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages could allow an attacker access to confidential session information.
**Recommendations**
For OpenNMS Meridian versions prior to 2023.1.0, upgrade to Meridian 2023.1.0 or newer.
For OpenNMS Horizon versions prior to 31.0.4, upgrade to Horizon 31.0.4.
As a temporary workaround, consider restricting access to the webapp jsp pages until a patch is available.