CVE-2020-14007
MEDIUM
SolarWinds Orion NPM & WPM Stored XSS via Alert Definition Name
Title source: llm
Description
SolarWinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
References (1)
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894
Scores
CVSS v3
5.4
EPSS
0.0106
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
solarwinds/orion_network_performance_monitor
2019.4 hotfix2
solarwinds/orion_web_performance_monitor
2019.4.1
Published
Jun 24, 2020
Tracked Since
Feb 18, 2026