Reflected Cross-Site Scripting Vulnerability in SolarWinds Platform
CVE-2024-52612

6.8MEDIUM

Key Information:

Vendor: Solarwinds
Status: Solarwinds Platform
Vendor: CVE Published:; 11 February 2025

Summary

The SolarWinds Platform is impacted by a reflected cross-site scripting vulnerability stemming from inadequate sanitization of input parameters. Attackers with access to high-privileged accounts could exploit this flaw, potentially allowing them to execute malicious scripts in users' browsers. Organizations using the SolarWinds Platform should be aware of this vulnerability and review their user account access policies.

Affected Version(s)

SolarWinds Platform Windows 2024.4.1 and previous versions

References

https://documentation.solarwinds.com/en/success_center/or...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Nov 14, 2024