Multiple Cross-Site Scripting Vulnerabilities in SolarWinds Orion Network Performance Monitor
CVE-2010-4828

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Orion Network Performance Monitor
Vendor: CVE Published:; 24 August 2011

Summary

The SolarWinds Orion Network Performance Monitor 10.1 contains multiple vulnerabilities that allow remote attackers to exploit cross-site scripting. These vulnerabilities arise when user input in the Title parameter on MapView.aspx, the NetObject parameter on NodeDetails.aspx and InterfaceDetails.aspx, and the ChartName parameter on CustomChart.aspx is not properly sanitized. Attackers can leverage these vulnerabilities to inject arbitrary web scripts or HTML, potentially leading to data theft or session hijacking.

References

http://secunia.com/advisories/42486

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/8349

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/515083/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Aug 24, 2011
Vulnerability Reserved
Aug 23, 2011