vulnerability
SolarWinds Orion Platform: Stored XSS Through URL POST Parameter In CreateExternalWebsite Vulnerability (CVE-2021-35238)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Sep 1, 2021 | Nov 30, 2021 | Nov 30, 2021 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Sep 1, 2021
Added
Nov 30, 2021
Modified
Nov 30, 2021
Description
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
Solution
solarwinds-orion-platform-upgrade-2020_2_6
References
- CVE-2021-35238
- https://attackerkb.com/topics/CVE-2021-35238
- URL-https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
- URL-https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US
- URL-https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.