CVE-2021-25933

Source
https://cve.org/CVERecord?id=CVE-2021-25933
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25933.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25933
Aliases
Published
2021-05-20T15:15:07.720Z
Modified
2026-07-09T00:13:53.289223Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function validateFormInput() performs improper validation checks on the input sent to the groupName and groupComment parameters. Due to this flaw, an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files which can cause severe damage to the organization using opennms.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type
GIT
Repo
https://github.com/opennms/opennms
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": [
        "cpe:2.3:a:opennms:horizon:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "1.0"
        },
        {
            "fixed": "27.1.1"
        },
        {
            "introduced": "2015.1.0"
        },
        {
            "fixed": "2019.1.19"
        },
        {
            "introduced": "2020.1.0"
        },
        {
            "fixed": "2020.1.7"
        }
    ]
}

Affected versions

meridian-foundation-2020.*
meridian-foundation-2020.1.0-1
meridian-foundation-2020.1.1-1
meridian-foundation-2020.1.2-1
meridian-foundation-2020.1.3-1
meridian-foundation-2020.1.4-1
meridian-foundation-2020.1.5-1
meridian-foundation-2020.1.6-1

Database specific

vanir_signatures_modified
"2026-07-09T00:13:53Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25933.json"
vanir_signatures
[
    {
        "id": "CVE-2021-25933-025f01ec",
        "digest": {
            "line_hashes": [
                "274512322503962685663647942214031473657",
                "239957005078604087605198069636665484125",
                "51297086796185311165292000712741592405",
                "89316630911645056401425776591707967796"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opennms/opennms/commit/399ed865e66ec3cb60674c3e7ec8403309754dfb",
        "deprecated": false,
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        }
    },
    {
        "id": "CVE-2021-25933-04412c6e",
        "digest": {
            "function_hash": "144759024573714915384785318319942410353",
            "length": 314.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "function": "renameGroup",
            "file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
        }
    },
    {
        "id": "CVE-2021-25933-26db798a",
        "digest": {
            "function_hash": "140896969588649620875571293911303623336",
            "length": 378.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "function": "doPost",
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/RenameUserServlet.java"
        }
    },
    {
        "id": "CVE-2021-25933-756876d8",
        "digest": {
            "line_hashes": [
                "63862115445021482406981461159020448473",
                "192790766046859987790732110517539223001",
                "264559957673844931483714759827957494060",
                "187562419973017837990659765287661653505"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/AddNewUserServlet.java"
        }
    },
    {
        "id": "CVE-2021-25933-84167b85",
        "digest": {
            "line_hashes": [
                "89256397304596016052036103843694799455",
                "228142828937052465100599374335507169788",
                "253436531422684568205797174898232887867"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/RenameUserServlet.java"
        }
    },
    {
        "id": "CVE-2021-25933-8629809b",
        "digest": {
            "function_hash": "131658155818715672810866632343923060109",
            "length": 185.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opennms/opennms/commit/399ed865e66ec3cb60674c3e7ec8403309754dfb",
        "deprecated": false,
        "target": {
            "function": "getFrameworkUrl",
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        }
    },
    {
        "id": "CVE-2021-25933-b51ae946",
        "digest": {
            "line_hashes": [
                "58730506138354010431660930680209411599",
                "131372045428180590852460578241088976601",
                "107737349864204963929678012583384325367",
                "6897653343869269317735066625920671701",
                "220882383980174487142093456676728608479",
                "52485355072899409265839311709820086238"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
        }
    },
    {
        "id": "CVE-2021-25933-cb44f906",
        "digest": {
            "function_hash": "296653347434168606010481034581794117613",
            "length": 610.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "function": "addGroup",
            "file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
        }
    },
    {
        "id": "CVE-2021-25933-d4ce405d",
        "digest": {
            "line_hashes": [
                "215985755002245887884707550113681684850",
                "11438173654715828717935667960271049116",
                "176681594848500904939248140376016076557"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "file": "smoke-test/src/test/java/org/opennms/smoketest/UserIT.java"
        }
    },
    {
        "id": "CVE-2021-25933-eed35066",
        "digest": {
            "function_hash": "198479055700301882740520908056306576753",
            "length": 1151.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "deprecated": false,
        "target": {
            "function": "doPost",
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/AddNewUserServlet.java"
        }
    }
]