CVE-2016-6556

Name of the Vulnerable Software and Affected Versions OpenNMS versions prior to 18.0.2

Description The issue is related to a stored XSS problem due to insufficient filtering of SNMP agent supplied data. An attacker can create a malicious SNMP sysName or sysContact response to store an XSS payload, which will trigger when a user views the data in the web UI.

Recommendations For OpenNMS versions prior to 18.0.2, update to version 18.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of SNMP sysName and sysContact responses until a patch is applied.