Vulnerability Details CVE-2020-35856
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-5_release_notes.htm
- https://support.solarwinds.com/SuccessCenter/s/
- https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-5_release_notes.htm
- https://support.solarwinds.com/SuccessCenter/s/
Products affected by CVE-2020-35856
-
cpe:2.3:a:solarwinds:orion_platform:2016.1
-
cpe:2.3:a:solarwinds:orion_platform:2016.2
-
cpe:2.3:a:solarwinds:orion_platform:2017.1
-
cpe:2.3:a:solarwinds:orion_platform:2017.3
-
cpe:2.3:a:solarwinds:orion_platform:2018.2
-
cpe:2.3:a:solarwinds:orion_platform:2018.4
-
cpe:2.3:a:solarwinds:orion_platform:2019.2
-
cpe:2.3:a:solarwinds:orion_platform:2019.4
-
cpe:2.3:a:solarwinds:orion_platform:2019.4.2
-
cpe:2.3:a:solarwinds:orion_platform:2020.2
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.1
-
cpe:2.3:a:solarwinds:orion_platform:2020.2.4