X0Skel

**Name of the Vulnerable Software and Affected Versions** SolarWinds Orion Network Performance Monitor (NPM) version 10.1 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters in various pages, including the `Title` parameter to "MapView.aspx", `NetObject` parameter to "NodeDetails.aspx" and "InterfaceDetails.aspx", and the `ChartName` parameter to "CustomChart.aspx". **Recommendations** For SolarWinds Orion Network Performance Monitor (NPM) version 10.1, consider restricting access to the vulnerable parameters `Title`, `NetObject`, and `ChartName` in the respective API endpoints "MapView.aspx", "NodeDetails.aspx", "InterfaceDetails.aspx", and "CustomChart.aspx" until a patch is available. Avoid using these parameters in the affected API endpoints to minimize the risk of exploitation.