CVE-2021-25934
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any validation checks on the input sent to the `node-label` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
En OpenNMS Horizon, versiones opennms-18.0.0-1 hasta opennms-27.1.0-1; OpenNMS Meridian, versiones meridian-foundation-2015.1.0-1 hasta meridian-foundation-2019.1.18-1; versiones meridian-foundation-2020.1.0-1 hasta meridian-foundation-2020.1.7-1, son vulnerables a un ataque de tipo Cross-Site Scripting Almacenado, ya que la función "createRequisitionedNode()" no lleva a cabo ningún chequeo de comprobación en la entrada enviada hacia el parámetro "nodo -label". Debido a este fallo, un atacante podría inyectar un script arbitrario que será almacenado en la base de datos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-22 CVE Reserved
- 2021-05-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25934 | 2024-08-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opennms Search vendor "Opennms" | Horizon Search vendor "Opennms" for product "Horizon" | >= 18.0.0 <= 27.1.0 Search vendor "Opennms" for product "Horizon" and version " >= 18.0.0 <= 27.1.0" | - |
Affected
| ||||||
Opennms Search vendor "Opennms" | Meridian Search vendor "Opennms" for product "Meridian" | >= 2015.1.0 <= 2019.1.18 Search vendor "Opennms" for product "Meridian" and version " >= 2015.1.0 <= 2019.1.18" | - |
Affected
| ||||||
Opennms Search vendor "Opennms" | Meridian Search vendor "Opennms" for product "Meridian" | >= 2020.1.0 <= 2020.1.7 Search vendor "Opennms" for product "Meridian" and version " >= 2020.1.0 <= 2020.1.7" | - |
Affected
|