CVE-2019-12954

5.4MEDIUM

Key Information:

Vendor: Solarwinds
Status: Network Performance Monitor Orion Platform 2018 Netpath; Network Performance Monitor Orion Platform 2018 Npm
Vendor: CVE Published:; 17 February 2020

Summary

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.

References

https://www.esecforte.com/cve-2019-12954-solarwinds-netwo...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 17, 2020
Vulnerability Reserved
Jun 24, 2019