Rapid7 released four notifications on Wednesday, addressing six vulnerabilities in Network Management Systems offered by Opsview, Spiceworks, Ipswitch, and Castle Rock. NMSes are commonly used to track networked assets using protocols like SNMP (Simple Network Management Protocol) They are an easy way to catalogue basic details about connected systems; admins use them to get hostnames, OS information, and more. Vulnerabilities include Cross-Site Scripting (XSS) vulnerabilities, as well as SQL Injection (SQLi) vulnerabilities.”]
Source: https://www.csoonline.com/article/3015834/network-management-vendors-patch-sqli-and-xss-flaws.html