Cross-Site Scripting Vulnerability in SolarWinds Orion Web Console
CVE-2020-14007

5.4MEDIUM

Key Information:

Vendor: Solarwinds
Status: Orion Network Performance Monitor; Orion Web Performance Monitor
Vendor: CVE Published:; 24 June 2020

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the SolarWinds Orion Web Console, specifically affecting alert definitions. This flaw could allow an attacker to inject arbitrary scripts into the application, exposing users to potential data theft or session hijacking. The specific versions identified are WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4. Admins are strongly advised to apply security patches and review alert configurations to mitigate any risks associated with this vulnerability.

References

https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b1...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 24, 2020
Vulnerability Reserved
Jun 10, 2020