CVE-2021-25929 in OpenNMS Horizoninformazioni

Riassunto

di MITRE • 21/05/2021

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since there is no validation on the input being sent to the `name` parameter in `noticeWizard` endpoint. Due to this flaw an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Prenotare

22/01/2021

Divulgazione

21/05/2021

Moderazione

accettato

CPE

pronto

EPSS

0.01020

KEV

no

Attività

molto basso

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!