Page 3 of 12 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en SolarWinds Orion Network Performance Monitor (NPM) anterior a v10.3.1 permite a atacantes remotos inyectar código web arbitrario o html a través de (1) syslocation, (2) syscontact, o (3) el campo sysName de un fichero snmpd.conf. • https://www.exploit-db.com/exploits/20011 http://secunia.com/advisories/50004 http://www.kb.cert.org/vuls/id/174119 http://www.securityfocus.com/bid/54624 http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/77147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en SolarWinds Orion Network Performance Monitor (NPM) v10.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) Title de MapView.aspx; el parámetro NetObject (2) de NodeDetails.aspx y (3) InterfaceDetails.aspx, y el parámetro ChartName (4) de CustomChart.aspx. • http://secunia.com/advisories/42486 http://securityreason.com/securityalert/8349 http://www.securityfocus.com/archive/1/515083/100/0/threaded http://www.securityfocus.com/bid/45257 https://exchange.xforce.ibmcloud.com/vulnerabilities/63956 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •