CVE-2022-36965
MEDIUMSolarWinds Platform < 2022.3.0 - Stored and DOM-Based Cross-Site Scripting in QoE Application Input Field
Title source: llmDescription
Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965
Various Sources x_refsource_confirm
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform
Scores
CVSS v3
6.1
EPSS
0.0260
EPSS Percentile
85.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
solarwinds/solarwinds_platform
< 2022.3.0
Published
Sep 30, 2022
Tracked Since
Feb 18, 2026