Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-21	CVE-2022-47509	Cross-site Scripting vulnerability in Solarwinds Orion Platform The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. network low complexity solarwinds CWE-79	6.1
2022-10-20	CVE-2022-36966	Authorization Bypass Through User-Controlled Key vulnerability in Solarwinds Orion Platform Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. network low complexity solarwinds CWE-639	5.4
2021-12-20	CVE-2021-35248	Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform It has been reported that any Orion user, e.g. network low complexity solarwinds CWE-732	4.3
2021-09-01	CVE-2021-35238	Cross-site Scripting vulnerability in Solarwinds Orion Platform User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website. low complexity solarwinds CWE-79	4.8
2021-08-31	CVE-2021-35239	Cross-site Scripting vulnerability in Solarwinds Orion Platform A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. network low complexity solarwinds CWE-79	5.4
2021-08-31	CVE-2021-35240	Cross-site Scripting vulnerability in Solarwinds Orion Platform A security researcher stored XSS via a Help Server setting. network low complexity solarwinds CWE-79	4.8
2021-08-31	CVE-2021-35219	Unspecified vulnerability in Solarwinds Orion Platform ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. network low complexity solarwinds	4.9
2021-07-30	CVE-2021-28674	Incorrect Authorization vulnerability in Solarwinds Orion Platform The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. network low complexity solarwinds CWE-863	5.4
2021-03-26	CVE-2021-3109	Unspecified vulnerability in Solarwinds Orion Platform The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. network low complexity solarwinds	4.8
2021-03-26	CVE-2020-35856	Cross-site Scripting vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. network low complexity solarwinds CWE-79	4.8