CRITICAL🇬🇧 English

CVE-2020-13169

CVSS 9.0v3.1pub. 2020-09-17upd. 2024-11-21

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Solarwinds Orion Platform

    APP
    Solarwinds
    < 2020.2.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2020-10148CRITICAL9.8⚠ KEVten sam produkt

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execu...

CVE-2021-27258CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWi...

CVE-2021-25274CRITICAL9.8ten sam produkt

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doe...

CVE-2019-9546CRITICAL9.8ten sam produkt

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVE-2022-36963HIGH7.2ten sam produkt

The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a re...

CVE-2020-13169 — CRITICAL 9.0 | CVEbaza.pl