CVE-2021-35239

HIGH

SolarWinds Orion Platform < 2020.2.5 - Stored Cross-Site Scripting via Map Text Box Hyperlink

Title source: llm

A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.

Core 4

Core References

Product, Vendor Advisory x_refsource_misc

Vendor Advisory x_refsource_misc

Vendor Advisory x_refsource_misc

Mitigation, Vendor Advisory x_refsource_misc

CVSS v3 7.5

EPSS 0.0075

EPSS Percentile 73.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-79

Status published

Products (2)

solarwinds/orion_platform 2020.2.6

solarwinds/orion_platform < 2020.2.5

Published Aug 31, 2021

Tracked Since Feb 18, 2026