Solarwinds Orion NPM 10.1 Cross Site Scripting

Values placed in the URI of the browser are rendered correctly. Orion NPM 10.1 has just been released, so there is no known fix available as of yet. Examples: Most "variable=" that I've checked are vulnerable:...

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...