CVE-2017-9537

4.8MEDIUM

Key Information:

Vendor: Solarwinds
Status: Network Performance Monitor
Vendor: CVE Published:; 3 October 2017

Summary

Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.

References

http://www.securityfocus.com/archive/1/541262/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/101071

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Jun 11, 2017