PT-2021-8426 · Opennms · Opennms

Matthew Kienow

Published

2021-09-24

Updated

2022-06-15

CVE-2016-6555

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenNMS versions 18.0.1 and prior

Description The issue is related to a stored XSS problem due to insufficient filtering of SNMP trap supplied data. An attacker can create a malicious SNMP trap to store an XSS payload, which will trigger when a user views the events list page in the web UI.

Recommendations For OpenNMS versions 18.0.1 and prior, update to version 18.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the events list page in the web UI until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-6555

Affected Products

Opennms

PT-2021-8426 · Opennms · Opennms

CVE-2016-6555

Weakness Enumeration

Related Identifiers

Affected Products

References · 5