SolarWinds Platform Vulnerable to XSS Attack
CVE-2024-29003

5.4MEDIUM

Key Information:

Vendor: Solarwinds
Status: Solarwinds Platform
Vendor: CVE Published:; 18 April 2024

Summary

The SolarWinds Platform is impacted by a cross-site scripting vulnerability specifically found within the maps section of its user interface. This issue can be exploited by authenticated users who interact with the affected UI component, potentially allowing for malicious scripts to be executed within the context of the user's session. Users are encouraged to apply the recommended security patches and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

SolarWinds Platform 2024.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/or...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 18, 2024

Credit

Jean-Michel Huguet & Arnoldas Radisauskas working with NATO