CVE-2021-25935
- Source
- https://cve.org/CVERecord?id=CVE-2021-25935
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25935.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-25935
- Published
- 2021-05-25T19:15:07.657Z
- Modified
- 2026-04-11T13:53:59.234819Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function
add()performs improper validation checks on the input sent to theforeign-sourceparameter. Due to this flaw an attacker could bypass the existing regex validation and inject an arbitrary script which will be stored in the database. - References
Affected packages
Git / github.com/opennms/opennms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opennms/opennms
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedFixedFixed
- Database specific
{ "versions": [ { "introduced": "17.0.0" }, { "last_affected": "27.1.0" }, { "introduced": "2015.1.0" }, { "last_affected": "2019.1.18" }, { "introduced": "2020.1.0" }, { "last_affected": "2020.1.7" } ] }
Affected versions
meridian-foundation-2020.*
meridian-foundation-2020.1.0-1
meridian-foundation-2020.1.1-1
meridian-foundation-2020.1.2-1
meridian-foundation-2020.1.3-1
meridian-foundation-2020.1.4-1
meridian-foundation-2020.1.5-1
meridian-foundation-2020.1.6-1
meridian-foundation-2020.1.7-1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25935.json"
vanir_signatures_modified
"2026-04-11T13:53:59Z"
vanir_signatures
[
{
"digest": {
"length": 314.0,
"function_hash": "144759024573714915384785318319942410353"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-25935-04412c6e",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"function": "renameGroup",
"file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
}
},
{
"digest": {
"length": 378.0,
"function_hash": "140896969588649620875571293911303623336"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-25935-26db798a",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"function": "doPost",
"file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/RenameUserServlet.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"63862115445021482406981461159020448473",
"192790766046859987790732110517539223001",
"264559957673844931483714759827957494060",
"187562419973017837990659765287661653505"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-25935-756876d8",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/AddNewUserServlet.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"89256397304596016052036103843694799455",
"228142828937052465100599374335507169788",
"253436531422684568205797174898232887867"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-25935-84167b85",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/RenameUserServlet.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"58730506138354010431660930680209411599",
"131372045428180590852460578241088976601",
"107737349864204963929678012583384325367",
"6897653343869269317735066625920671701",
"220882383980174487142093456676728608479",
"52485355072899409265839311709820086238"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-25935-b51ae946",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
}
},
{
"digest": {
"length": 610.0,
"function_hash": "296653347434168606010481034581794117613"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-25935-cb44f906",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"function": "addGroup",
"file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"215985755002245887884707550113681684850",
"11438173654715828717935667960271049116",
"176681594848500904939248140376016076557"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-25935-d4ce405d",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"file": "smoke-test/src/test/java/org/opennms/smoketest/UserIT.java"
}
},
{
"digest": {
"length": 1151.0,
"function_hash": "198479055700301882740520908056306576753"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-25935-eed35066",
"signature_version": "v1",
"source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"target": {
"function": "doPost",
"file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/AddNewUserServlet.java"
}
}
]