Unrated severityNVD Advisory· Published Jun 1, 2021· Updated Aug 3, 2024
CVE-2021-25932
CVE-2021-25932
Description
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function validateFormInput() performs improper validation checks on the input sent to the userID parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- OpenNMS/OpenNMS Horizon / Meridiandescription
- Range: meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1
Patches
Vulnerability mechanics
References
4- github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01mitrex_refsource_MISC
- github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98cmitrex_refsource_MISC
- github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10emitrex_refsource_MISC
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.