CVE-2016-6555

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-6555
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6555.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-6555
Published
2021-09-24T21:15:07.067Z
Modified
2026-04-10T03:52:49.048107Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type
GIT
Repo
https://github.com/opennms/opennms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
45e60765ae1246ff20c3538dbb1446ce4d4e642f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "18.0.2-1"
        }
    ]
}

Affected versions

opennms-1.*
opennms-1.11.1-1
opennms-1.11.3-1
opennms-1.13.2-1
opennms-1.9.0-1
opennms-1.9.4-1
opennms-1.9.93-1
opennms-17.*
opennms-17.0.0-1
opennms-17.1.0-1
opennms-17.1.1-1
opennms-17.1.1-2
opennms-17.1.1-3
opennms-18.*
opennms-18.0.0-1
opennms-18.0.1-1
space-integration-12.*
space-integration-12.2-code-freeze

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6555.json"