Vulnerabilities > Solarwinds > Low

DATE CVE VULNERABILITY TITLE RISK
2023-07-26 CVE-2023-33229 Code Injection vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability.
network
low complexity
solarwinds CWE-94
3.5
3.5
2021-10-21 CVE-2021-35228 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 2021.3.7388
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack.
network
high complexity
solarwinds CWE-79
2.6
2.6
2021-10-12 CVE-2021-35214 Insufficient Session Expiration vulnerability in Solarwinds Pingdom
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. 		1.9
1.9
2021-09-01 CVE-2021-35238 Cross-site Scripting vulnerability in Solarwinds Orion Platform
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
network
solarwinds CWE-79
3.5
3.5
2021-08-31 CVE-2021-35240 Cross-site Scripting vulnerability in Solarwinds Orion Platform
A security researcher stored XSS via a Help Server setting.
network
solarwinds CWE-79
3.5
3.5
2021-08-31 CVE-2021-35239 Cross-site Scripting vulnerability in Solarwinds Orion Platform
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
network
solarwinds CWE-79
3.5
3.5
2021-05-11 CVE-2021-32604 Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
network
solarwinds CWE-79
3.5
3.5
2021-05-05 CVE-2020-22428 Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
network
solarwinds CWE-79
3.5
3.5
2021-03-26 CVE-2020-35856 Cross-site Scripting vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
network
solarwinds CWE-79
3.5
3.5
2021-02-03 CVE-2021-25275 Use of Hard-coded Credentials vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users.
local
low complexity
solarwinds CWE-798
2.1
2.1