GHSA-9hhc-cc6c-99hh

Source
https://github.com/advisories/GHSA-9hhc-cc6c-99hh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hhc-cc6c-99hh/GHSA-9hhc-cc6c-99hh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9hhc-cc6c-99hh
Aliases
Published
2022-05-24T19:03:10Z
Modified
2023-11-08T04:05:17.835882Z
Summary
OpenNMS Horizon vulnerable to XSS
Details

OpenNMS Horizon versions opennms-18.0.0-1 through opennms-27.1.0-1, and OpenNMS Meridian versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1 and meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1, are vulnerable to Stored Cross-Site Scripting because the function createRequisitionedNode() does not perform any validation checks on the input sent to the node-label parameter. Due to this flaw, an attacker could inject an arbitrary script, which will be stored in the database.

Database specific
{
    "nvd_published_at": "2021-05-25T19:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-13T17:03:30Z"
}
References

Affected packages

Maven / org.opennms:opennms

Package

Name
org.opennms:opennms
Purl
pkg:maven/org.opennms/opennms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
18.0.0-1
Last affected
27.1.0-1