CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-12954

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.029

EPSS Ranking 85.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://www.esecforte.com/cve-2019-12954-solarwinds-network-performance-monitor-orion-platform-2018-npm-12-3-netpath-1-1-3-vulnerable-for-stored-xss/
https://www.esecforte.com/cve-2019-12954-solarwinds-network-performance-monitor-orion-platform-2018-npm-12-3-netpath-1-1-3-vulnerable-for-stored-xss/

Products affected by CVE-2019-12954

Solarwinds » Network Performance Monitor Orion Platform 2018 Netpath » Version: 1.1.3

cpe:2.3:a:solarwinds:network_performance_monitor_orion_platform_2018_netpath:1.1.3
Solarwinds » Network Performance Monitor Orion Platform 2018 Npm » Version: 12.3

cpe:2.3:a:solarwinds:network_performance_monitor_orion_platform_2018_npm:12.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12954

Products

Pricing

Contact Us