SolarWinds Orion Network Performance Monitor (NPM) Multiple Security Vulnerabilities
SolarWinds Orion Network Performance Monitor (NPM) is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities.
An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.
The attacker can exploit the HTML-injection issues to execute script code in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user.
SolarWinds Orion Network Performance Monitor (NPM) 10.2.2 is vulnerable; other versions may also be affected.