Vulnerabilities > Solarwinds > Orion Platform > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-01 | CVE-2021-35238 | Cross-site Scripting vulnerability in Solarwinds Orion Platform User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. | 3.5 |
| 2021-08-31 | CVE-2021-35240 | Cross-site Scripting vulnerability in Solarwinds Orion Platform A security researcher stored XSS via a Help Server setting. | 3.5 |
| 2021-08-31 | CVE-2021-35239 | Cross-site Scripting vulnerability in Solarwinds Orion Platform A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. | 3.5 |
| 2021-03-26 | CVE-2020-35856 | Cross-site Scripting vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. | 3.5 |
| 2021-02-03 | CVE-2021-25275 | Use of Hard-coded Credentials vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. | 2.1 |
| 2020-09-17 | CVE-2020-13169 | Cross-site Scripting vulnerability in Solarwinds Orion Platform Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. | 3.5 |
| 2020-05-04 | CVE-2019-12864 | Information Exposure vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | 2.1 |
| 2020-02-25 | CVE-2019-12863 | Cross-site Scripting vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | 3.5 |