We found results for “”
CVE-2021-25932
Date: June 1, 2021
Overview
in OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1--meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.Details
The module `opennms` can be abused by Stored Cross-Site Scripting vulnerability since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database. The `validateFormInput()` function simply adds a new user to a group on the server and accepts user input via `userID` parameter. Due to lack of validation on the value passed into the parameter, an attacker can supply a crafted arbitrary script bypassing the existing validation check.PoC Details
Login to the application and navigate to the opennms/admin/userGroupView/users/list.jsp endpoint. Click on “Add New User" and insert the payload in the “User ID" field, and enter a simple random password. Click on “Ok" and you’ll be directed to a page with user information. Scroll down and click “Finish". Now you’ll be presented with a pop-up indicating the successful execution of the script.PoC Code
<script>alert(“XSS")</script>
Affected Environments
opennms-1-0-stable, opennms-1.0.1 through opennms-27.1.0-1, meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1, meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1Prevention
Upgrade to Horizon 27.1.1, Meridian 2020.1.7 or Meridian 2019.1.19Language: Java
Good to know:
Cross-Site Scripting (XSS)
CWE-79Upgrade Version
Upgrade to version opennms-27.1.1-1,meridian-foundation-2019.1.19-1,meridian-foundation-2020.1.7-1
Base Score: |
|
---|---|
Attack Vector (AV): | Network |
Attack Complexity (AC): | Low |
Privileges Required (PR): | Low |
User Interaction (UI): | Required |
Scope (S): | Changed |
Confidentiality (C): | Low |
Integrity (I): | Low |
Availability (A): | None |
Base Score: |
|
---|---|
Access Vector (AV): | Network |
Access Complexity (AC): | Medium |
Authentication (AU): | Single |
Confidentiality (C): | None |
Integrity (I): | Partial |
Availability (A): | None |
Additional information: |