Security Vulnerabilities - CVEs Published In June 2021
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-01
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
CVSS Score
9.1
EPSS Score
0.009
Published
2021-06-01
Page 172