Reflected Cross-Site Scripting Vulnerability in SolarWinds Platform
CVE-2024-52612

4.8MEDIUM

Key Information:

Vendor: Solarwinds
Status: Solarwinds Platform
Vendor: CVE Published:; 11 February 2025

Summary

The SolarWinds Platform is impacted by a reflected cross-site scripting vulnerability stemming from inadequate sanitization of input parameters. Attackers with access to high-privileged accounts could exploit this flaw, potentially allowing them to execute malicious scripts in users' browsers. Organizations using the SolarWinds Platform should be aware of this vulnerability and review their user account access policies.

Affected Version(s)

SolarWinds Platform Windows 2024.4.1 and previous versions

References

https://documentation.solarwinds.com/en/success_center/or...

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Nov 14, 2024