CVE-2020-13169
CRITICALSolarWinds Orion Platform < 2020.2.1 - Stored Cross-Site Scripting
Title source: llmDescription
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.solarwinds.com/SuccessCenter/s/
Release Notes, Vendor Advisory x_refsource_confirm
https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
Scores
CVSS v3
9.0
EPSS
0.0153
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (1)
solarwinds/orion_platform
< 2020.2.1
Published
Sep 17, 2020
Tracked Since
Feb 18, 2026