Lucene search
MendCVELIST:CVE-2021-25929HistoryMay 20, 2021 - 2:09 p.m.
CVE-2021-25929
2021-05-2014:09:45
Mend
www.cve.org
0.001 Low
EPSS
Percentile
26.4%
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since there is no validation on the input being sent to the name parameter in noticeWizard endpoint. Due to this flaw an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files.
CNA Affected
[
{
"product": "OpenNMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
]Related
nvd
nvd
CVE-2021-25929
2021-05-20 15:15:07
prion
prion
Cross site scripting
2021-05-20 15:15:00
cve
cve
CVE-2021-25929
2021-05-20 15:15:07
osv
osv
Cross-site Scripting in OpenNMS Horizon
2021-05-25 18:46:58
CVE-2021-25929
2021-05-20 15:15:07
github
github
Cross-site Scripting in OpenNMS Horizon
2021-05-25 18:46:58