CVE-2021-25933

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-25933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-25933

Aliases

GHSA-jjhw-5mxp-2g2q

Published

2021-05-20T15:15:07.720Z

Modified

2026-02-12T01:04:08.572764Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function validateFormInput() performs improper validation checks on the input sent to the groupName and groupComment parameters. Due to this flaw, an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files which can cause severe damage to the organization using opennms.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type: GIT
Repo: https://github.com/opennms/opennms
Events: Introduced

67c7635a68963a3005df7aedd41195eb23d9f41b

Fixed

399ed865e66ec3cb60674c3e7ec8403309754dfb

Introduced

0d3624eadab83197935d675b014fa7d8190e0258

Fixed

4ad904678528a4f8e26ae3e776b1009f6564be2e

Introduced

9e5617454f5f5d44dcd2fff3a33b603038b52530

Fixed

bfd3de5ac0f158e2e1a257d0ee30291281334e60

Affected versions

meridian-foundation-2015.*

meridian-foundation-2015.1.0-1

meridian-foundation-2015.1.1-1

meridian-foundation-2015.1.10-1

meridian-foundation-2015.1.2-1

meridian-foundation-2015.1.3-1

meridian-foundation-2015.1.4-1

meridian-foundation-2015.1.5-1

meridian-foundation-2015.1.6-1

meridian-foundation-2015.1.7-1

meridian-foundation-2016.*

meridian-foundation-2016.1.1-1

meridian-foundation-2016.1.10-1

meridian-foundation-2016.1.15-1

meridian-foundation-2016.1.2-1

meridian-foundation-2016.1.3-1

meridian-foundation-2016.1.4-1

meridian-foundation-2016.1.5-1

meridian-foundation-2016.1.6-1

meridian-foundation-2016.1.7-1

meridian-foundation-2016.1.9-1

meridian-foundation-2017.*

meridian-foundation-2017.1.0-1

meridian-foundation-2017.1.10-1

meridian-foundation-2017.1.2-1

meridian-foundation-2017.1.3-1

meridian-foundation-2017.1.4-1

meridian-foundation-2017.1.5-1

opennms-15.*

opennms-15.0.0-1

opennms-15.0.1-1

opennms-15.0.2-1

opennms-16.*

opennms-16.0.0-1

opennms-16.0.1-1

opennms-16.0.2-1

opennms-16.0.3-1

opennms-16.0.4-1

opennms-17.*

opennms-17.0.0-1

opennms-17.1.0-1

opennms-17.1.1-1

opennms-17.1.1-2

opennms-17.1.1-3

opennms-18.*

opennms-18.0.0-1

opennms-18.0.1-1

opennms-18.0.2-1

opennms-18.0.3-1

opennms-18.0.4-1

opennms-19.*

opennms-19.0.0-1

opennms-19.0.1-1

opennms-19.1.0-1

opennms-20.*

opennms-20.0.0-1

opennms-20.0.1-1

opennms-20.0.2-1

opennms-20.1.0-1

opennms-21.*

opennms-21.0.0-1

opennms-21.0.1-1

opennms-21.0.2-1

opennms-21.0.3-1

opennms-21.0.4-1

opennms-21.0.5-1

opennms-21.1.0-1

opennms-22.*

opennms-22.0.0-1

opennms-22.0.1-1

opennms-22.0.2-1

opennms-22.0.3-1

opennms-22.0.4-1

opennms-23.*

opennms-23.0.0-1

opennms-23.0.1-1

opennms-23.0.2-1

opennms-23.0.3-1

opennms-23.0.4-1

opennms-24.*

opennms-24.0.0-1

opennms-24.1.0-1

opennms-24.1.1-1

opennms-24.1.2-1

opennms-24.1.3-1

opennms-25.*

opennms-25.0.0-1

opennms-25.1.0-1

opennms-25.1.1-1

opennms-25.1.2-1

opennms-25.2.0-1

opennms-25.2.1-1

opennms-26.*

opennms-26.0.0-1

opennms-26.0.1-1

opennms-26.1.0-1

opennms-26.1.1-1

opennms-26.1.2-1

opennms-26.1.3-1

opennms-26.2.0-1

opennms-26.2.1-1

opennms-26.2.2-1

opennms-27.*

opennms-27.0.0-1

opennms-27.0.1-1

opennms-27.0.2-1

opennms-27.0.3-1

opennms-27.0.4-1

opennms-27.0.5-1

opennms-27.1.0-1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25933.json"

vanir_signatures

[
    {
        "id": "CVE-2021-25933-025f01ec",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "274512322503962685663647942214031473657",
                "239957005078604087605198069636665484125",
                "51297086796185311165292000712741592405",
                "89316630911645056401425776591707967796"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/opennms/opennms/commit/399ed865e66ec3cb60674c3e7ec8403309754dfb",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2021-25933-8629809b",
        "signature_type": "Function",
        "digest": {
            "function_hash": "131658155818715672810866632343923060109",
            "length": 185.0
        },
        "signature_version": "v1",
        "source": "https://github.com/opennms/opennms/commit/399ed865e66ec3cb60674c3e7ec8403309754dfb",
        "target": {
            "function": "getFrameworkUrl",
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        },
        "deprecated": false
    }
]