Stored and DOM XSS in QoE Applications: Orion Platform
CVE-2022-36965

6.1MEDIUM

Key Information:

Vendor
Solarwinds
Vendor
CVE Published:
30 September 2022

Summary

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

Affected Version(s)

Orion Platform Windows 2020.2.6 and previous versions < 2022.3.0

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Shashank Chaurasia
.