Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-24	CVE-2016-6555	Cross-site Scripting vulnerability in Opennms OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. network low complexity opennms CWE-79	6.1
2021-09-24	CVE-2016-6556	Cross-site Scripting vulnerability in Opennms OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. network low complexity opennms CWE-79	6.1
2021-06-01	CVE-2021-25932	Cross-site Scripting vulnerability in Opennms Meridian In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. network low complexity opennms CWE-79	5.4
2021-05-25	CVE-2021-25934	Cross-site Scripting vulnerability in Opennms Meridian In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any validation checks on the input sent to the `node-label` parameter. network low complexity opennms CWE-79	5.4
2021-05-25	CVE-2021-25935	Cross-site Scripting vulnerability in Opennms Meridian In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `add()` performs improper validation checks on the input sent to the `foreign-source` parameter. network low complexity opennms CWE-79	5.4
2021-05-20	CVE-2021-25929	Cross-site Scripting vulnerability in Opennms Horizon and Meridian In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since there is no validation on the input being sent to the `name` parameter in `noticeWizard` endpoint. network low complexity opennms CWE-79	4.8
2021-05-20	CVE-2021-25933	Cross-site Scripting vulnerability in Opennms Horizon and Meridian In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `groupName` and `groupComment` parameters. network low complexity opennms CWE-79	4.8
2021-05-20	CVE-2021-25930	Cross-Site Request Forgery (CSRF) vulnerability in Opennms Horizon and Meridian In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. network low complexity opennms CWE-352	4.3