CVE-2021-25932
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
En OpenNMS Horizon, versiones opennms-1-0-stable hasta opennms-27.1.0-1; OpenNMS Meridian, versiones meridian-foundation-2015.1.0-1 hasta meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 hasta meridian-foundation-2020.1.6-1 son vulnerables a ataques de tipo Cross-Site Scripting almacenados, ya que la función "validateFormInput()" realiza comprobaciones de comprobación incorrectas en la entrada enviada al parámetro "userID" . Debido a este fallo, un atacante podría inyectar un script arbitrario que se almacenará en la base de datos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-22 CVE Reserved
- 2021-06-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932 | 2024-08-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opennms Search vendor "Opennms" | Meridian Search vendor "Opennms" for product "Meridian" | >= 2015.1.0-1 <= 2019.1.18-1 Search vendor "Opennms" for product "Meridian" and version " >= 2015.1.0-1 <= 2019.1.18-1" | - |
Affected
| ||||||
Opennms Search vendor "Opennms" | Meridian Search vendor "Opennms" for product "Meridian" | >= 2020.1.0-1 <= 2020.1.6-1 Search vendor "Opennms" for product "Meridian" and version " >= 2020.1.0-1 <= 2020.1.6-1" | - |
Affected
| ||||||
Opennms Search vendor "Opennms" | Opennms Search vendor "Opennms" for product "Opennms" | >= 1.0 <= 27.1.0-1 Search vendor "Opennms" for product "Opennms" and version " >= 1.0 <= 27.1.0-1" | - |
Affected
|