Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-45714 Cross-site Scripting vulnerability in Solarwinds Serv-U
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
network
low complexity
solarwinds CWE-79
4.1
4.1
2024-10-16 CVE-2024-45715 Cross-site Scripting vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
network
low complexity
solarwinds CWE-79
6.1
6.1
2024-06-04 CVE-2024-29004 Unspecified vulnerability in Solarwinds Platform
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console.
network
low complexity
solarwinds
4.8
4.8
2023-11-01 CVE-2023-33228 Unspecified vulnerability in Solarwinds Network Configuration Manager
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability.
network
low complexity
solarwinds
4.9
4.9
2023-07-18 CVE-2023-33231 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
XSS attack was possible in DPA 2023.2 due to insufficient input validation
network
low complexity
solarwinds CWE-79
6.1
6.1
2023-04-25 CVE-2023-23839 Unspecified vulnerability in Solarwinds Platform
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability.
network
low complexity
solarwinds
6.5
6.5
2023-04-25 CVE-2023-23838 Path Traversal vulnerability in Solarwinds Database Performance Analyzer
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
network
low complexity
solarwinds CWE-22
6.5
6.5
2023-04-21 CVE-2022-47509 Cross-site Scripting vulnerability in Solarwinds Orion Platform
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability.
network
low complexity
solarwinds CWE-79
6.1
6.1
2023-01-20 CVE-2022-38110 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
network
low complexity
solarwinds CWE-79
5.4
5.4
2022-12-19 CVE-2022-47512 Cleartext Storage of Sensitive Information vulnerability in Solarwinds Platform 2022.4.0
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4.
local
low complexity
solarwinds CWE-312
5.5
5.5