CVE-2019-12954

MEDIUM

SolarWinds Orion Platform 2018 NPM 12.3 NetPath 1.1.3 - Authenticated Stored XSS via VIDEO onerror

Title source: llm

Description

SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.esecforte.com/cve-2019-12954-solarwinds-network-performance-monitor-orion-platform-2018-npm-12-3-netpath-1-1-3-vulnerable-for-stored-xss/

Scores

CVSS v3 5.4

EPSS 0.0289

EPSS Percentile 86.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

solarwinds/network_performance_monitor_orion_platform_2018_netpath 1.1.3

solarwinds/network_performance_monitor_orion_platform_2018_npm 12.3

Published Feb 17, 2020

Tracked Since Feb 18, 2026