PT-2025-27008 · OpenNMS · OpenNMS Horizon+1

Fábio Tomé · Published 2025-06-26 · Updated 2025-06-27 · CVE-2025-53121

CVSS v4.0: 6.9 Medium

Vector: AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 33.0.8 through 33.1.5; OpenNMS Meridian versions prior to 2024.2.6
Description: Multiple stored XSS issues were found in OpenNMS Horizon due to unsanitized parameters on different nodes, allowing an attacker to store and inject HTML and/or JavaScript on the page. The affected software is intended for installation within an organization's private networks and should not be directly accessible from the Internet.
Recommendations: For OpenNMS Horizon versions 33.0.8 through 33.1.5, upgrade to Horizon 33.1.6 or newer. For OpenNMS Meridian versions prior to 2024.2.6, upgrade to Meridian 2024.2.6 or newer. As a temporary workaround, consider restricting access to the affected nodes to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-53121

Affected Products

OpenNMS Horizon
OpenNMS Meridian