CVE-2012-2577

EUVD-2012-2563
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
solarwindsorion_network_performance_monitor
𝑥
≤ 10.2
solarwindsorion_network_performance_monitor
7.8.5
solarwindsorion_network_performance_monitor
8.5
solarwindsorion_network_performance_monitor
8.5.1
solarwindsorion_network_performance_monitor
9.0
solarwindsorion_network_performance_monitor
9.1
solarwindsorion_network_performance_monitor
9.5.1
solarwindsorion_network_performance_monitor
10.0
solarwindsorion_network_performance_monitor
10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/50004
http://www.kb.cert.org/vuls/id/174119
http://www.securityfocus.com/bid/54624
http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/77147
http://secunia.com/advisories/50004
http://www.kb.cert.org/vuls/id/174119
http://www.securityfocus.com/bid/54624
http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/77147