CVE-2021-25935

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25935

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25935.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-25935

Published

2021-05-25T19:15:07Z

Modified

2025-10-15T12:47:55.375057Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function add() performs improper validation checks on the input sent to the foreign-source parameter. Due to this flaw an attacker could bypass the existing regex validation and inject an arbitrary script which will be stored in the database.

References

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type: GIT
Repo: https://github.com/opennms/opennms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

101e3aa06ec9a1f8f266335fc6f5685c062c6117

Fixed

eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c

Affected versions

meridian-foundation-2015.*

meridian-foundation-2015.1.0-1

meridian-foundation-2015.1.1-1

meridian-foundation-2015.1.10-1

meridian-foundation-2015.1.2-1

meridian-foundation-2015.1.3-1

meridian-foundation-2015.1.4-1

meridian-foundation-2015.1.5-1

meridian-foundation-2015.1.6-1

meridian-foundation-2015.1.7-1

meridian-foundation-2016.*

meridian-foundation-2016.1.1-1

meridian-foundation-2016.1.10-1

meridian-foundation-2016.1.15-1

meridian-foundation-2016.1.2-1

meridian-foundation-2016.1.3-1

meridian-foundation-2016.1.4-1

meridian-foundation-2016.1.5-1

meridian-foundation-2016.1.6-1

meridian-foundation-2016.1.7-1

meridian-foundation-2016.1.9-1

meridian-foundation-2017.*

meridian-foundation-2017.1.0-1

meridian-foundation-2017.1.10-1

meridian-foundation-2017.1.2-1

meridian-foundation-2017.1.3-1

meridian-foundation-2017.1.4-1

meridian-foundation-2017.1.5-1

opennms-1.*

opennms-1.10.0-1

opennms-1.10.1-1

opennms-1.10.10-1

opennms-1.10.11-1

opennms-1.10.12-1

opennms-1.10.13-1

opennms-1.10.14-1

opennms-1.10.2-1

opennms-1.10.3-1

opennms-1.10.4-1

opennms-1.10.5-1

opennms-1.10.6-1

opennms-1.10.7-1

opennms-1.10.8-1

opennms-1.10.9-1

opennms-1.11.0-1

opennms-1.11.1-1

opennms-1.11.3-1

opennms-1.11.90-1

opennms-1.11.91-1

opennms-1.11.92-1

opennms-1.11.93-1

opennms-1.11.94-1

opennms-1.12.0-1

opennms-1.12.1-1

opennms-1.12.2-1

opennms-1.12.3-1

opennms-1.12.4-1

opennms-1.12.5-1

opennms-1.12.6-1

opennms-1.12.7-1

opennms-1.12.8-1

opennms-1.12.9-1

opennms-1.13.0-1

opennms-1.13.1-1

opennms-1.13.2-1

opennms-1.13.3-1

opennms-1.13.4-1

opennms-1.7.9

opennms-1.9.0-1

opennms-1.9.3-2

opennms-1.9.4-1

opennms-1.9.5-1

opennms-1.9.6-1

opennms-1.9.7-1

opennms-1.9.8-1

opennms-1.9.90-1

opennms-1.9.91-1

opennms-1.9.92-1

opennms-1.9.93-1

opennms-14.*

opennms-14.0.0-1

opennms-14.0.1-1

opennms-14.0.2-1

opennms-14.0.3-1

opennms-14.0.3-2

opennms-15.*

opennms-15.0.0-1

opennms-15.0.1-1

opennms-15.0.2-1

opennms-16.*

opennms-16.0.0-1

opennms-16.0.1-1

opennms-16.0.2-1

opennms-16.0.3-1

opennms-16.0.4-1

opennms-17.*

opennms-17.0.0-1

opennms-17.1.0-1

opennms-17.1.1-1

opennms-17.1.1-2

opennms-17.1.1-3

opennms-18.*

opennms-18.0.0-1

opennms-18.0.1-1

opennms-18.0.2-1

opennms-18.0.3-1

opennms-18.0.4-1

opennms-19.*

opennms-19.0.0-1

opennms-19.0.1-1

opennms-19.1.0-1

opennms-20.*

opennms-20.0.0-1

opennms-20.0.1-1

opennms-20.0.2-1

opennms-20.1.0-1

opennms-21.*

opennms-21.0.0-1

opennms-21.0.1-1

opennms-21.0.2-1

opennms-21.0.3-1

opennms-21.0.4-1

opennms-21.0.5-1

opennms-21.1.0-1

opennms-22.*

opennms-22.0.0-1

opennms-22.0.1-1

opennms-22.0.2-1

opennms-22.0.3-1

opennms-22.0.4-1

opennms-23.*

opennms-23.0.0-1

opennms-23.0.1-1

opennms-23.0.2-1

opennms-23.0.3-1

opennms-23.0.4-1

opennms-24.*

opennms-24.0.0-1

opennms-24.1.0-1

opennms-24.1.1-1

opennms-24.1.2-1

opennms-24.1.3-1

opennms-25.*

opennms-25.0.0-1

opennms-25.1.0-1

opennms-25.1.1-1

opennms-25.1.2-1

opennms-25.2.0-1

opennms-25.2.1-1

opennms-26.*

opennms-26.0.0-1

opennms-26.0.1-1

opennms-26.1.0-1

opennms-26.1.1-1

opennms-26.1.2-1

opennms-26.1.3-1

opennms-26.2.0-1

opennms-26.2.1-1

opennms-26.2.2-1

opennms-27.*

opennms-27.0.0-1

opennms-27.0.1-1

opennms-27.0.2-1

opennms-27.0.3-1

opennms-27.0.4-1

opennms-27.0.5-1

space-integration-12.*

space-integration-12.2-code-freeze

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-25935-04412c6e",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "length": 314.0,
            "function_hash": "144759024573714915384785318319942410353"
        },
        "target": {
            "function": "renameGroup",
            "file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-25935-26db798a",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "length": 378.0,
            "function_hash": "140896969588649620875571293911303623336"
        },
        "target": {
            "function": "doPost",
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/RenameUserServlet.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2021-25935-756876d8",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "line_hashes": [
                "63862115445021482406981461159020448473",
                "192790766046859987790732110517539223001",
                "264559957673844931483714759827957494060",
                "187562419973017837990659765287661653505"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/AddNewUserServlet.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2021-25935-84167b85",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "line_hashes": [
                "89256397304596016052036103843694799455",
                "228142828937052465100599374335507169788",
                "253436531422684568205797174898232887867"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/RenameUserServlet.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2021-25935-b51ae946",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "line_hashes": [
                "58730506138354010431660930680209411599",
                "131372045428180590852460578241088976601",
                "107737349864204963929678012583384325367",
                "6897653343869269317735066625920671701",
                "220882383980174487142093456676728608479",
                "52485355072899409265839311709820086238"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-25935-cb44f906",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "length": 610.0,
            "function_hash": "296653347434168606010481034581794117613"
        },
        "target": {
            "function": "addGroup",
            "file": "opennms-webapp/src/main/java/org/opennms/web/controller/admin/group/GroupController.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2021-25935-d4ce405d",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "line_hashes": [
                "215985755002245887884707550113681684850",
                "11438173654715828717935667960271049116",
                "176681594848500904939248140376016076557"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "smoke-test/src/test/java/org/opennms/smoketest/UserIT.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-25935-eed35066",
        "source": "https://github.com/opennms/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
        "digest": {
            "length": 1151.0,
            "function_hash": "198479055700301882740520908056306576753"
        },
        "target": {
            "function": "doPost",
            "file": "opennms-webapp/src/main/java/org/opennms/web/admin/users/AddNewUserServlet.java"
        }
    }
]