Vulnerabilities > Solarwinds > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-07 CVE-2020-15575 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
network
low complexity
solarwinds CWE-79
6.1
6.1
2020-07-07 CVE-2020-15573 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
network
low complexity
solarwinds CWE-79
6.1
6.1
2020-06-24 CVE-2020-14007 Cross-site Scripting vulnerability in Solarwinds products
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
network
low complexity
solarwinds CWE-79
5.4
5.4
2020-06-24 CVE-2020-14006 Cross-site Scripting vulnerability in Solarwinds products
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
network
low complexity
solarwinds CWE-79
5.4
5.4
2020-05-04 CVE-2019-12864 Information Exposure Through an Error Message vulnerability in Solarwinds products
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
local
low complexity
solarwinds CWE-209
5.5
5.5
2020-02-25 CVE-2019-12863 Cross-site Scripting vulnerability in Solarwinds products
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
network
low complexity
solarwinds CWE-79
4.8
4.8
2020-02-17 CVE-2019-12954 Cross-site Scripting vulnerability in Solarwinds products
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
network
low complexity
solarwinds CWE-79
5.4
5.4
2020-01-17 CVE-2019-17127 Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms.
network
low complexity
solarwinds CWE-79
6.1
6.1
2020-01-17 CVE-2019-17125 Cross-site Scripting vulnerability in Solarwinds Orion Platform 2019.2
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms.
network
low complexity
solarwinds CWE-79
6.1
6.1
2019-12-18 CVE-2019-19829 Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.7
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182.
network
low complexity
solarwinds CWE-79
5.4
5.4