Cross-Site Scripting Vulnerabilities in SolarWinds Orion Network Performance Monitor
CVE-2012-2577

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Orion Network Performance Monitor
Vendor: CVE Published:; 12 August 2012

Summary

SolarWinds Orion Network Performance Monitor versions prior to 10.3.1 are susceptible to multiple Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into the application through manipulated input in the syslocation, syscontact, and sysName fields of the snmpd.conf file. Successful exploitation could lead to unauthorized access and manipulation of the user experience, potentially compromising sensitive data.

References

http://www.solarwinds.com/documentation/Orion/docs/Releas...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/174119

third-party-advisoryx_refsource_CERT-VN

http://secunia.com/advisories/50004

third-party-advisoryx_refsource_SECUNIA

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2012
Vulnerability Reserved
May 9, 2012