icon

We found results for “

CVE-2021-25934

Date: May 25, 2021

Overview

in OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any validation checks on the input sent to the `node-label` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.

Details

The module `opennms` can be abused by Stored Cross-Site Scripting vulnerability since the function `createRequisitionedNode()` does not perform any validation checks on the input sent to the `node-label` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database. The `createRequisitionedNode()` function simply adds a new requisition on the server and accepts user input via `node-label` parameter. Due to lack of validation on the value passed into the parameter, an attacker can supply a crafted arbitrary script.

PoC Details

Login to the application and navigate to the “opennms/admin/ng-requisitions/index.jsp#/requisitions” endpoint. Click on the `Add Requisition` button and enter a name in the popped-up dialogue box and click “OK". On the same page, click on the "Quick Add Note" button. Select the requisition you’ve just added, enter an IP and insert the payload in the “Node label” field and click on “Provision”. Now click on the "pen" symbol of the requisition to edit it. Click on the "bin" symbol to delete it. Now notice the payload getting triggered.

PoC Code

<script>alert(“XSS")</script>

Affected Environments

opennms-18.0.0-1 through opennms-27.1.0-1, meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1, meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1

Prevention

Upgrade to Horizon 27.1.1, Meridian 2020.1.8 or Meridian 2019.1.19

Language: Java

Good to know:

icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version opennms-27.1.1-1,meridian-foundation-2019.1.19-1,meridian-foundation-2020.1.8-1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: