CVE-2021-25934

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25934

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25934.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-25934

Aliases

GHSA-9hhc-cc6c-99hh

Published

2021-05-25T19:15:07Z

Modified

2024-05-30T03:00:33.389635Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function createRequisitionedNode() does not perform any validation checks on the input sent to the node-label parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type: GIT
Repo: https://github.com/opennms/opennms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

101e3aa06ec9a1f8f266335fc6f5685c062c6117

Fixed

eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c

Affected versions

meridian-foundation-2015.*

meridian-foundation-2015.1.0-1

meridian-foundation-2015.1.1-1

meridian-foundation-2015.1.10-1

meridian-foundation-2015.1.2-1

meridian-foundation-2015.1.3-1

meridian-foundation-2015.1.4-1

meridian-foundation-2015.1.5-1

meridian-foundation-2015.1.6-1

meridian-foundation-2015.1.7-1

meridian-foundation-2016.*

meridian-foundation-2016.1.1-1

meridian-foundation-2016.1.10-1

meridian-foundation-2016.1.15-1

meridian-foundation-2016.1.2-1

meridian-foundation-2016.1.3-1

meridian-foundation-2016.1.4-1

meridian-foundation-2016.1.5-1

meridian-foundation-2016.1.6-1

meridian-foundation-2016.1.7-1

meridian-foundation-2016.1.9-1

meridian-foundation-2017.*

meridian-foundation-2017.1.0-1

meridian-foundation-2017.1.10-1

meridian-foundation-2017.1.2-1

meridian-foundation-2017.1.3-1

meridian-foundation-2017.1.4-1

meridian-foundation-2017.1.5-1

opennms-1.*

opennms-1.10.0-1

opennms-1.10.1-1

opennms-1.10.10-1

opennms-1.10.11-1

opennms-1.10.12-1

opennms-1.10.13-1

opennms-1.10.14-1

opennms-1.10.2-1

opennms-1.10.3-1

opennms-1.10.4-1

opennms-1.10.5-1

opennms-1.10.6-1

opennms-1.10.7-1

opennms-1.10.8-1

opennms-1.10.9-1

opennms-1.11.0-1

opennms-1.11.1-1

opennms-1.11.3-1

opennms-1.11.90-1

opennms-1.11.91-1

opennms-1.11.92-1

opennms-1.11.93-1

opennms-1.11.94-1

opennms-1.12.0-1

opennms-1.12.1-1

opennms-1.12.2-1

opennms-1.12.3-1

opennms-1.12.4-1

opennms-1.12.5-1

opennms-1.12.6-1

opennms-1.12.7-1

opennms-1.12.8-1

opennms-1.12.9-1

opennms-1.13.0-1

opennms-1.13.1-1

opennms-1.13.2-1

opennms-1.13.3-1

opennms-1.13.4-1

opennms-1.7.9

opennms-1.9.0-1

opennms-1.9.3-2

opennms-1.9.4-1

opennms-1.9.5-1

opennms-1.9.6-1

opennms-1.9.7-1

opennms-1.9.8-1

opennms-1.9.90-1

opennms-1.9.91-1

opennms-1.9.92-1

opennms-1.9.93-1

opennms-14.*

opennms-14.0.0-1

opennms-14.0.1-1

opennms-14.0.2-1

opennms-14.0.3-1

opennms-14.0.3-2

opennms-15.*

opennms-15.0.0-1

opennms-15.0.1-1

opennms-15.0.2-1

opennms-16.*

opennms-16.0.0-1

opennms-16.0.1-1

opennms-16.0.2-1

opennms-16.0.3-1

opennms-16.0.4-1

opennms-17.*

opennms-17.0.0-1

opennms-17.1.0-1

opennms-17.1.1-1

opennms-17.1.1-2

opennms-17.1.1-3

opennms-18.*

opennms-18.0.0-1

opennms-18.0.1-1

opennms-18.0.2-1

opennms-18.0.3-1

opennms-18.0.4-1

opennms-19.*

opennms-19.0.0-1

opennms-19.0.1-1

opennms-19.1.0-1

opennms-20.*

opennms-20.0.0-1

opennms-20.0.1-1

opennms-20.0.2-1

opennms-20.1.0-1

opennms-21.*

opennms-21.0.0-1

opennms-21.0.1-1

opennms-21.0.2-1

opennms-21.0.3-1

opennms-21.0.4-1

opennms-21.0.5-1

opennms-21.1.0-1

opennms-22.*

opennms-22.0.0-1

opennms-22.0.1-1

opennms-22.0.2-1

opennms-22.0.3-1

opennms-22.0.4-1

opennms-23.*

opennms-23.0.0-1

opennms-23.0.1-1

opennms-23.0.2-1

opennms-23.0.3-1

opennms-23.0.4-1

opennms-24.*

opennms-24.0.0-1

opennms-24.1.0-1

opennms-24.1.1-1

opennms-24.1.2-1

opennms-24.1.3-1

opennms-25.*

opennms-25.0.0-1

opennms-25.1.0-1

opennms-25.1.1-1

opennms-25.1.2-1

opennms-25.2.0-1

opennms-25.2.1-1

opennms-26.*

opennms-26.0.0-1

opennms-26.0.1-1

opennms-26.1.0-1

opennms-26.1.1-1

opennms-26.1.2-1

opennms-26.1.3-1

opennms-26.2.0-1

opennms-26.2.1-1

opennms-26.2.2-1

opennms-27.*

opennms-27.0.0-1

opennms-27.0.1-1

opennms-27.0.2-1

opennms-27.0.3-1

opennms-27.0.4-1

opennms-27.0.5-1

space-integration-12.*

space-integration-12.2-code-freeze