CVE-2021-25932
N/A
N/A
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function validateFormInput() performs improper validation checks on the input sent to the userID parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | OpenNMS | opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 | affected |
Weaknesses
- Cross-Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932
- https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e
- https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01
References
- https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932
- https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e
- https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.