CVE-2012-2577

SolarWinds Orion Network Performance Monitor < 10.3.1 - Cross-Site Scripting via SNMPD Configuration Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2577.

AI-analyzed exploit summary: This JavaScript exploit demonstrates a persistent XSS and CSRF vulnerability in SolarWinds Orion Network Performance Monitor 10.2.2. It leverages malicious SNMP fields (syslocation, syscontact, sysName) to inject JavaScript and create an admin account via CSRF.

Description

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.

Exploits (1)

exploitdb WORKING POC
javascript · webapps · windows
https://www.exploit-db.com/exploits/20011

Classification
Working PoC 95%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: SolarWinds Orion Network Performance Monitor 10.2.2
No auth needed
Prerequisites: Victim must access a page with the malicious SNMP data · Attacker must control the SNMP response
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/174119
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50004
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77147
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54624

Scores

EPSS 0.1875
EPSS Percentile 95.5%

Details

CWE CWE-79
Status published
Products (9)
solarwinds/orion_network_performance_monitor 7.8.5
solarwinds/orion_network_performance_monitor 8.5
solarwinds/orion_network_performance_monitor 8.5.1
solarwinds/orion_network_performance_monitor 9.0
solarwinds/orion_network_performance_monitor 9.1
solarwinds/orion_network_performance_monitor 9.5.1
solarwinds/orion_network_performance_monitor 10.0
solarwinds/orion_network_performance_monitor 10.1
solarwinds/orion_network_performance_monitor < 10.2
Published Aug 12, 2012
Tracked Since Feb 18, 2026