CVSS Score
The vulnerability stems from JSP scriptlets that write user-controlled data from backend models (locations, foreignsources, assets) directly into HTML contexts without output encoding, which allows cross-site scripting. The commit diffs show WebSecurityUtils.sanitizeString() being added systematically at these output points, confirming that the missing output encoding was the root cause. Confidence in this assessment is high for three reasons: 1) the vulnerability description explicitly names unsanitized parameters in JSPs; 2) the patch adds sanitization at exactly these code locations; 3) multiple independent files show the same vulnerable pattern.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.opennms:opennms-webapp | maven | >= 31.0.8, < 32.0.2 | 32.0.2 |