An XSS attack was possible in DPA 2023.2 due to insufficient input validation.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-07-18
Updated
2023-08-03
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
Max CVSS
6.1
EPSS Score
0.07%
Published
2023-04-21
Updated
2023-08-03
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-11-23
Updated
2023-08-03
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-01-20
Updated
2023-08-03
This vulnerability occurs in the web client of Serv-U versions 15.3.0 to 15.3.1 and affects the directory creation function.
Max CVSS
5.4
EPSS Score
0.08%
Published
2022-12-16
Updated
2023-08-03
Insufficient sanitization of inputs in a QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0).
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-09-30
Updated
2023-08-03
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because it does not support 'rel=noopener'.
Max CVSS
6.5
EPSS Score
0.09%
Published
2021-08-31
Updated
2021-09-09
A security researcher found that a user with Orion map manage rights could store XSS via a text box hyperlink.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-08-31
Updated
2021-09-08
A user with Orion Platform Admin Rights could store XSS through a URL POST parameter in the CreateExternalWebsite website.
Max CVSS
4.8
EPSS Score
0.08%
Published
2021-09-01
Updated
2021-09-09
A cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query.
Max CVSS
6.8
EPSS Score
0.08%
Published
2022-04-21
Updated
2022-05-03
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on a specific section of the page, causing a reflected cross-site scripting attack. An attacker would need to perform a man-in-the-middle attack in order to change the header for a remote victim.
Max CVSS
5.5
EPSS Score
0.07%
Published
2021-10-21
Updated
2021-10-26
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-10-21
Updated
2021-10-28
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
Max CVSS
9.6
EPSS Score
0.99%
Published
2021-08-31
Updated
2021-09-09
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
Max CVSS
5.4
EPSS Score
0.09%
Published
2021-05-11
Updated
2022-05-13
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
Max CVSS
6.1
EPSS Score
0.12%
Published
2021-05-05
Updated
2021-05-11
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
Max CVSS
4.8
EPSS Score
0.05%
Published
2021-03-26
Updated
2021-03-29
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-02-03
Updated
2021-02-04
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
Max CVSS
5.4
EPSS Score
0.16%
Published
2021-02-03
Updated
2021-02-25
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
Max CVSS
4.8
EPSS Score
0.15%
Published
2021-05-05
Updated
2021-05-17
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-07-07
Updated
2020-07-13
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-07-07
Updated
2020-07-13
SolarWinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
Max CVSS
5.4
EPSS Score
0.06%
Published
2020-06-24
Updated
2020-07-07
SolarWinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
Max CVSS
5.4
EPSS Score
0.06%
Published
2020-06-24
Updated
2020-07-07
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to information disclosure and escalation of privileges (takeover of administrator account).
Max CVSS
9.0
EPSS Score
0.08%
Published
2020-09-17
Updated
2022-01-21
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-12-18
Updated
2019-12-23
44 vulnerabilities found