CVE-2020-13169

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
solarwindsorion_platform
𝑥
< 2020.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
https://support.solarwinds.com/SuccessCenter/s/
https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
https://support.solarwinds.com/SuccessCenter/s/