CVE-2020-13169

Опубликовано: 17 сент. 2020

Источник: nvd

CVSS3: 9

CVSS2: 3.5

EPSS Низкий

Описание

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

Ссылки

https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
Release Notes
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/
Vendor Advisory
https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
Release Notes
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*

Версия до 2020.2.1 (исключая)

EPSS

Процентиль: 81%

0.01534

Низкий

9 Critical

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-32q2-gv5x-j2pp

github

больше 3 лет назад