SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. It has been reported that input fields are not sanitized allowing for authenticated users to execute scripts against the SolarWinds Orion IPAM web interface
An attacker with access to the SolarWinds Orion IPAM web interface can conduct a reflected cross-site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
Thanks to Anthony Trummer for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2012-10-31|
|Date Last Updated:||2012-10-31 14:32 UTC|