{"id":"CVE-2016-6555","details":"OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.","modified":"2026-04-10T03:52:49.048107Z","published":"2021-09-24T21:15:07.067Z","references":[{"type":"FIX","url":"https://github.com/OpenNMS/opennms/pull/1019"},{"type":"EVIDENCE","url":"https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opennms/opennms","events":[{"introduced":"0"},{"fixed":"45e60765ae1246ff20c3538dbb1446ce4d4e642f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"18.0.2-1"}]}}],"versions":["opennms-1.11.1-1","opennms-1.11.3-1","opennms-1.13.2-1","opennms-1.9.0-1","opennms-1.9.4-1","opennms-1.9.93-1","opennms-17.0.0-1","opennms-17.1.0-1","opennms-17.1.1-1","opennms-17.1.1-2","opennms-17.1.1-3","opennms-18.0.0-1","opennms-18.0.1-1","space-integration-12.2-code-freeze"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6555.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}