Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-35239 Cross-site Scripting vulnerability in Solarwinds Orion Platform
A security researcher found that a user with Orion map manage rights could store XSS via a text box hyperlink.
network
low complexity
solarwinds CWE-79
5.4
2021-08-31 CVE-2021-35240 Cross-site Scripting vulnerability in Solarwinds Orion Platform
A security researcher stored XSS via a Help Server setting.
network
low complexity
solarwinds CWE-79
4.8
2021-08-31 CVE-2021-35219 Unspecified vulnerability in Solarwinds Orion Platform
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using the ImportAlert function within the Alerts Settings page.
network
low complexity
solarwinds
4.9
2021-08-26 CVE-2021-32076 Authentication Bypass by Spoofing vulnerability in Solarwinds Web Help Desk
An Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2.
network
low complexity
solarwinds CWE-290
5.3
2021-07-30 CVE-2021-28674 Incorrect Authorization vulnerability in Solarwinds Orion Platform
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions.
network
low complexity
solarwinds CWE-863
5.4
2021-05-11 CVE-2021-32604 Cross-site Scripting vulnerability in Solarwinds Serv-U
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
network
low complexity
solarwinds CWE-79
5.4
2021-05-05 CVE-2021-25179 Cross-site Scripting vulnerability in Solarwinds Serv-U File Server
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
network
low complexity
solarwinds CWE-79
6.1
2021-05-05 CVE-2020-22428 Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server
SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.
network
low complexity
solarwinds CWE-79
4.8
2021-03-26 CVE-2021-3109 Unspecified vulnerability in Solarwinds Orion Platform
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account.
network
low complexity
solarwinds
4.8
2021-03-26 CVE-2020-35856 Cross-site Scripting vulnerability in Solarwinds Orion Platform
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
network
low complexity
solarwinds CWE-79
4.8