CVE-2021-25929

Date: May 20, 2021

Overview

OpenNMS Horizon versions opennms-1-0-stable through opennms-27.1.0-1, and OpenNMS Meridian versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1 and meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1, are vulnerable to Stored Cross-Site Scripting because the input sent to the `name` parameter of the `noticeWizard` endpoint is not validated. An authenticated attacker could exploit this flaw to inject arbitrary script and trick other admin users into downloading malicious files.

Details

The `opennms` module is affected by a Stored Cross-Site Scripting vulnerability because the input sent to the `name` parameter of the `noticeWizard` endpoint is not validated. An authenticated attacker could exploit this flaw to inject arbitrary script and trick other admin users into downloading malicious files, which can cause severe damage to the organization using OpenNMS.

PoC Details

opennms-1-0-stable, opennms-1.0.1 through opennms-27.1.0-1, meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1, meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1

PoC Code

<script>alert("XSS in Choose Path")</script>

Affected Environments

opennms-1-0-stable, opennms-1.0.1 through opennms-27.1.0-1, meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1, meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1

Prevention

Upgrade to Horizon 2.7.1.1, Meridian 2020.1.7 or Meridian 2019.1.19.

Language: Java

Good to know:

Cross-Site Scripting (XSS)

CWE-79

Upgrade Version

Upgrade to version org.opennms:opennms:27.1.1, org.opennms:opennms-webapp:27.1.1

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None