CVE-2021-25934
Description
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function createRequisitionedNode() does not perform any validation checks on the input sent to the node-label parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.opennms:opennmsMaven | >= 18.0.0-1, <= 27.1.0-1 | — |
Affected products
2- OpenNMS/OpenNMS Horizondescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-9hhc-cc6c-99hhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25934ghsaADVISORY
- github.com/OpenNMS/opennms/commit/101e3aa06ec9a1f8f266335fc6f5685c062c6117ghsax_refsource_MISCWEB
- github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98cghsax_refsource_MISCWEB
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25934ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.