GHSA-jjhw-5mxp-2g2q

Suggest an improvement
Source
https://github.com/advisories/GHSA-jjhw-5mxp-2g2q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-jjhw-5mxp-2g2q/GHSA-jjhw-5mxp-2g2q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jjhw-5mxp-2g2q
Aliases
Published
2021-05-25T18:47:01Z
Modified
2023-11-08T04:05:17.775514Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-site Scripting in OpenNMS Horizon
Details

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function validateFormInput() performs improper validation checks on the input sent to the groupName and groupComment parameters. Due to this flaw, an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files which can cause severe damage to the organization using opennms.

References

Affected packages

Maven / org.opennms:opennms

Package

Name
org.opennms:opennms
View open source insights on deps.dev
Purl
pkg:maven/org.opennms/opennms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
27.1.1