Solarwinds » Network Performance Monitor : Security Vulnerabilities, CVEs, Published In 2017
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.
Max CVSS
4.9
EPSS Score
0.18%
Published
2017-10-03
Updated
2018-10-09
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.
Max CVSS
4.8
EPSS Score
0.07%
Published
2017-10-03
Updated
2018-10-09
2 vulnerabilities found