icon

We found results for “

CVE-2021-25935

Date: May 25, 2021

Overview

in OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `add()` performs improper validation checks on the input sent to the `foreign-source` parameter. Due to this flaw an attacker could bypass the existing regex validation and inject an arbitrary script which will be stored in the database.

Details

The module `opennms` can be abused by Stored Cross-Site Scripting vulnerability since the function `add()` performs improper validation checks on the input sent to the `foreign-source` parameter. Due to this flaw an attacker could bypass the existing regex validation and inject an arbitrary script which will be stored in the database. The `add()` function simply adds a new requisition on the server and accepts user input via `foreign-source` parameter. Due to improper validation on the value passed into the parameter, an attacker can supply a crafted arbitrary script bypassing the existing validation check.

PoC Details

Login to the application and navigate to the “opennms/admin/ng-requisitions/index.jsp#/requisitions” endpoint. Click on the `Add Requisition` button and insert the payload in the dialogue box. Click on `Ok`. A requisition containing the payload will be created and you’ll be presented with a pop-up indicating the successful execution of the script.

PoC Code

<img src=ymca onerror=confirm()>

Affected Environments

opennms-17.0.0-1 through opennms-27.1.0-1, meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1, meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1

Prevention

Upgrade to Horizon 27.1.1, Meridian 2020.1.8 or Meridian 2019.1.19

Language: Java

Good to know:

icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version opennms-27.1.1-1,meridian-foundation-2019.1.19-1,meridian-foundation-2020.1.8-1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: