Stored HTML Injection Vulnerability in SolarWinds Orion Platform by SolarWinds
CVE-2019-12863

4.8MEDIUM

Key Information:

Vendor: Solarwinds
Status: Netpath; Orion Platform; Network Performance Monitor
Vendor: CVE Published:; 25 February 2020

Summary

The SolarWinds Orion Platform version 2018.4 HF3, including Network Performance Monitor (NPM) 12.4 and NetPath 1.1.4, is susceptible to a Stored HTML Injection vulnerability. This issue arises from improper input validation in the Web Console Settings, allowing administrators to inject malicious HTML content. Successful exploitation could lead to potential user interface manipulation, unauthorized access, or information disclosure. Users and administrators are advised to review their system configurations and implement necessary security measures.

References

https://www.solarwinds.com/network-performance-monitor

x_refsource_MISC

https://www.esecforte.com/responsible-vulnerability-discl...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 25, 2020
Vulnerability Reserved
Jun 16, 2019