CyberSec.Space Logo
Back to CVE Browser

CVE-2020-13169

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile17.62th
PublishedSep 17, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

Affected Platforms (CPE)

πŸ“¦
Solarwinds

Orion Platform

< 2020.2.1

References & Advisories

πŸ”— https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
πŸ”— https://support.solarwinds.com/SuccessCenter/s/
πŸ”— https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
πŸ”— https://support.solarwinds.com/SuccessCenter/s/

Related Vulnerabilities

CVE-2021-252749.8

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions...

CVE-2020-101489.8

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. Thi...

CVE-2019-95469.8

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVE-2021-272589.8

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2...