SolarWinds Orion Network Performance Monitor (NPM) Multiple Security Vulnerabilities

SolarWinds Orion Network Performance Monitor (NPM) is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities.

An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.

The attacker can exploit the HTML-injection issues to execute script code in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user.

SolarWinds Orion Network Performance Monitor (NPM) 10.2.2 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus