CVE-2012-2577 – SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2577
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en SolarWinds Orion Network Performance Monitor (NPM) anterior a v10.3.1 permite a atacantes remotos inyectar código web arbitrario o html a través de (1) syslocation, (2) syscontact, o (3) el campo sysName de un fichero snmpd.conf. • https://www.exploit-db.com/exploits/20011 http://secunia.com/advisories/50004 http://www.kb.cert.org/vuls/id/174119 http://www.securityfocus.com/bid/54624 http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/77147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4828
https://notcve.org/view.php?id=CVE-2010-4828
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en SolarWinds Orion Network Performance Monitor (NPM) v10.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) Title de MapView.aspx; el parámetro NetObject (2) de NodeDetails.aspx y (3) InterfaceDetails.aspx, y el parámetro ChartName (4) de CustomChart.aspx. • http://secunia.com/advisories/42486 http://securityreason.com/securityalert/8349 http://www.securityfocus.com/archive/1/515083/100/0/threaded http://www.securityfocus.com/bid/45257 https://exchange.xforce.ibmcloud.com/vulnerabilities/63956 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •