Vulnerability Details CVE-2016-6555
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.3%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 4.3
References
- https://github.com/OpenNMS/opennms/pull/1019
- https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/
- https://github.com/OpenNMS/opennms/pull/1019
- https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/
Products affected by CVE-2016-6555
-
cpe:2.3:a:opennms:opennms:-
-
cpe:2.3:a:opennms:opennms:1.0
-
cpe:2.3:a:opennms:opennms:1.0.1
-
cpe:2.3:a:opennms:opennms:1.0.2
-
cpe:2.3:a:opennms:opennms:1.0.2-1
-
cpe:2.3:a:opennms:opennms:1.1.0
-
cpe:2.3:a:opennms:opennms:1.1.1
-
cpe:2.3:a:opennms:opennms:1.1.1-1
-
cpe:2.3:a:opennms:opennms:1.1.2-1
-
cpe:2.3:a:opennms:opennms:1.1.3-1
-
cpe:2.3:a:opennms:opennms:1.1.3-2
-
cpe:2.3:a:opennms:opennms:1.1.4-1
-
cpe:2.3:a:opennms:opennms:1.1.5-1
-
cpe:2.3:a:opennms:opennms:1.10.0
-
cpe:2.3:a:opennms:opennms:1.10.1
-
cpe:2.3:a:opennms:opennms:1.10.10
-
cpe:2.3:a:opennms:opennms:1.10.11
-
cpe:2.3:a:opennms:opennms:1.10.12
-
cpe:2.3:a:opennms:opennms:1.10.13
-
cpe:2.3:a:opennms:opennms:1.10.14
-
cpe:2.3:a:opennms:opennms:1.10.2
-
cpe:2.3:a:opennms:opennms:1.10.3
-
cpe:2.3:a:opennms:opennms:1.10.4
-
cpe:2.3:a:opennms:opennms:1.10.5
-
cpe:2.3:a:opennms:opennms:1.10.6
-
cpe:2.3:a:opennms:opennms:1.10.7
-
cpe:2.3:a:opennms:opennms:1.10.8
-
cpe:2.3:a:opennms:opennms:1.10.9
-
cpe:2.3:a:opennms:opennms:1.11.0
-
cpe:2.3:a:opennms:opennms:1.11.1
-
cpe:2.3:a:opennms:opennms:1.11.2
-
cpe:2.3:a:opennms:opennms:1.11.3
-
cpe:2.3:a:opennms:opennms:1.11.90
-
cpe:2.3:a:opennms:opennms:1.11.91
-
cpe:2.3:a:opennms:opennms:1.11.92
-
cpe:2.3:a:opennms:opennms:1.11.93
-
cpe:2.3:a:opennms:opennms:1.11.94
-
cpe:2.3:a:opennms:opennms:1.12.0
-
cpe:2.3:a:opennms:opennms:1.12.1
-
cpe:2.3:a:opennms:opennms:1.12.2
-
cpe:2.3:a:opennms:opennms:1.12.3
-
cpe:2.3:a:opennms:opennms:1.12.4
-
cpe:2.3:a:opennms:opennms:1.12.5
-
cpe:2.3:a:opennms:opennms:1.12.6
-
cpe:2.3:a:opennms:opennms:1.12.7
-
cpe:2.3:a:opennms:opennms:1.12.8
-
cpe:2.3:a:opennms:opennms:1.12.9-1
-
cpe:2.3:a:opennms:opennms:1.13.0-1
-
cpe:2.3:a:opennms:opennms:1.13.1-1
-
cpe:2.3:a:opennms:opennms:1.13.2-1
-
cpe:2.3:a:opennms:opennms:1.13.3-1
-
cpe:2.3:a:opennms:opennms:1.13.4-1
-
cpe:2.3:a:opennms:opennms:1.2
-
cpe:2.3:a:opennms:opennms:1.2.0-1
-
cpe:2.3:a:opennms:opennms:1.2.1-1
-
cpe:2.3:a:opennms:opennms:1.2.1-2
-
cpe:2.3:a:opennms:opennms:1.2.2
-
cpe:2.3:a:opennms:opennms:1.2.3
-
cpe:2.3:a:opennms:opennms:1.2.4
-
cpe:2.3:a:opennms:opennms:1.2.5
-
cpe:2.3:a:opennms:opennms:1.2.6
-
cpe:2.3:a:opennms:opennms:1.2.7
-
cpe:2.3:a:opennms:opennms:1.2.8
-
cpe:2.3:a:opennms:opennms:1.2.9
-
cpe:2.3:a:opennms:opennms:1.3.0
-
cpe:2.3:a:opennms:opennms:1.3.1
-
cpe:2.3:a:opennms:opennms:1.3.10
-
cpe:2.3:a:opennms:opennms:1.3.11
-
cpe:2.3:a:opennms:opennms:1.3.2
-
cpe:2.3:a:opennms:opennms:1.3.3
-
cpe:2.3:a:opennms:opennms:1.3.4
-
cpe:2.3:a:opennms:opennms:1.3.5
-
cpe:2.3:a:opennms:opennms:1.3.6
-
cpe:2.3:a:opennms:opennms:1.3.7
-
cpe:2.3:a:opennms:opennms:1.3.8
-
cpe:2.3:a:opennms:opennms:1.3.9
-
cpe:2.3:a:opennms:opennms:1.5.90
-
cpe:2.3:a:opennms:opennms:1.5.91
-
cpe:2.3:a:opennms:opennms:1.5.92
-
cpe:2.3:a:opennms:opennms:1.5.93
-
cpe:2.3:a:opennms:opennms:1.5.94
-
cpe:2.3:a:opennms:opennms:1.5.95
-
cpe:2.3:a:opennms:opennms:1.5.96
-
cpe:2.3:a:opennms:opennms:1.5.97
-
cpe:2.3:a:opennms:opennms:1.5.98
-
cpe:2.3:a:opennms:opennms:1.5.99
-
cpe:2.3:a:opennms:opennms:1.6.0
-
cpe:2.3:a:opennms:opennms:1.6.1
-
cpe:2.3:a:opennms:opennms:1.6.10
-
cpe:2.3:a:opennms:opennms:1.6.11-1
-
cpe:2.3:a:opennms:opennms:1.6.11-2
-
cpe:2.3:a:opennms:opennms:1.6.2
-
cpe:2.3:a:opennms:opennms:1.6.3
-
cpe:2.3:a:opennms:opennms:1.6.4
-
cpe:2.3:a:opennms:opennms:1.6.5
-
cpe:2.3:a:opennms:opennms:1.6.6
-
cpe:2.3:a:opennms:opennms:1.6.7
-
cpe:2.3:a:opennms:opennms:1.6.8
-
cpe:2.3:a:opennms:opennms:1.6.9
-
cpe:2.3:a:opennms:opennms:1.7.0
-
cpe:2.3:a:opennms:opennms:1.7.1
-
cpe:2.3:a:opennms:opennms:1.7.10
-
cpe:2.3:a:opennms:opennms:1.7.10-2
-
cpe:2.3:a:opennms:opennms:1.7.10-3
-
cpe:2.3:a:opennms:opennms:1.7.2
-
cpe:2.3:a:opennms:opennms:1.7.3
-
cpe:2.3:a:opennms:opennms:1.7.4
-
cpe:2.3:a:opennms:opennms:1.7.5
-
cpe:2.3:a:opennms:opennms:1.7.6
-
cpe:2.3:a:opennms:opennms:1.7.7
-
cpe:2.3:a:opennms:opennms:1.7.8
-
cpe:2.3:a:opennms:opennms:1.7.9
-
cpe:2.3:a:opennms:opennms:1.7.90-2
-
cpe:2.3:a:opennms:opennms:1.7.91-1
-
cpe:2.3:a:opennms:opennms:1.7.92-1
-
cpe:2.3:a:opennms:opennms:1.8.0-1
-
cpe:2.3:a:opennms:opennms:1.8.0-2
-
cpe:2.3:a:opennms:opennms:1.8.1-1
-
cpe:2.3:a:opennms:opennms:1.8.10-1
-
cpe:2.3:a:opennms:opennms:1.8.10-2
-
cpe:2.3:a:opennms:opennms:1.8.11-1
-
cpe:2.3:a:opennms:opennms:1.8.12-1
-
cpe:2.3:a:opennms:opennms:1.8.13-1
-
cpe:2.3:a:opennms:opennms:1.8.14-1
-
cpe:2.3:a:opennms:opennms:1.8.15-1
-
cpe:2.3:a:opennms:opennms:1.8.16-1
-
cpe:2.3:a:opennms:opennms:1.8.17-1
-
cpe:2.3:a:opennms:opennms:1.8.17-2
-
cpe:2.3:a:opennms:opennms:1.8.2-1
-
cpe:2.3:a:opennms:opennms:1.8.3-2
-
cpe:2.3:a:opennms:opennms:1.8.3-3
-
cpe:2.3:a:opennms:opennms:1.8.4-2
-
cpe:2.3:a:opennms:opennms:1.8.5-1
-
cpe:2.3:a:opennms:opennms:1.8.6-1
-
cpe:2.3:a:opennms:opennms:1.8.7-1
-
cpe:2.3:a:opennms:opennms:1.8.8-1
-
cpe:2.3:a:opennms:opennms:1.8.9-1
-
cpe:2.3:a:opennms:opennms:1.9.0
-
cpe:2.3:a:opennms:opennms:1.9.1
-
cpe:2.3:a:opennms:opennms:1.9.2
-
cpe:2.3:a:opennms:opennms:1.9.3
-
cpe:2.3:a:opennms:opennms:1.9.4
-
cpe:2.3:a:opennms:opennms:1.9.5
-
cpe:2.3:a:opennms:opennms:1.9.6
-
cpe:2.3:a:opennms:opennms:1.9.7
-
cpe:2.3:a:opennms:opennms:1.9.8
-
cpe:2.3:a:opennms:opennms:1.9.90
-
cpe:2.3:a:opennms:opennms:1.9.91
-
cpe:2.3:a:opennms:opennms:1.9.92
-
cpe:2.3:a:opennms:opennms:1.9.93
-
cpe:2.3:a:opennms:opennms:14.0.0-1
-
cpe:2.3:a:opennms:opennms:14.0.1-1
-
cpe:2.3:a:opennms:opennms:14.0.2-1
-
cpe:2.3:a:opennms:opennms:14.0.3-1
-
cpe:2.3:a:opennms:opennms:14.0.3-2
-
cpe:2.3:a:opennms:opennms:15.0.0-1
-
cpe:2.3:a:opennms:opennms:15.0.1-1
-
cpe:2.3:a:opennms:opennms:15.0.2-1
-
cpe:2.3:a:opennms:opennms:16.0.0-1
-
cpe:2.3:a:opennms:opennms:16.0.1-1
-
cpe:2.3:a:opennms:opennms:16.0.2-1
-
cpe:2.3:a:opennms:opennms:16.0.3-1
-
cpe:2.3:a:opennms:opennms:16.0.4-1
-
cpe:2.3:a:opennms:opennms:17.0.0-1
-
cpe:2.3:a:opennms:opennms:17.1.0-1
-
cpe:2.3:a:opennms:opennms:17.1.1-1
-
cpe:2.3:a:opennms:opennms:17.1.1-2
-
cpe:2.3:a:opennms:opennms:17.1.1-3
-
cpe:2.3:a:opennms:opennms:18.0.0-1
-
cpe:2.3:a:opennms:opennms:18.0.1-1