Vulnerability Note VU#203844
SolarWinds Orion IPAM web interface reflected xss vulnerability
SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. It has been reported that input fields are not sanitized allowing for authenticated users to execute scripts against the SolarWinds Orion IPAM web interface
An attacker with access to the SolarWinds Orion IPAM web interface can conduct a reflected cross-site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|SOLARWINDS||Affected||02 Aug 2012||31 Oct 2012|
CVSS Metrics (Learn More)
Thanks to Anthony Trummer for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-4939
- Date Public: 31 Oct 2012
- Date First Published: 31 Oct 2012
- Date Last Updated: 31 Oct 2012
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.