VYPR
Unrated severityNVD Advisory· Published Jun 15, 2022· Updated Sep 17, 2024

OpenNMS Stored XSS via SNMP Trap Alerts

CVE-2016-6555

Description

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Opennms/Opennmsllm-fuzzy2 versions
    <=18.0.1+ 1 more
    • (no CPE)range: <=18.0.1
    • (no CPE)range: 18.0.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.