Stored XSS Vulnerability in SolarWinds Orion Platform Allows Information Disclosure and Privilege Escalation

Stored XSS Vulnerability in SolarWinds Orion Platform Allows Information Disclosure and Privilege Escalation

CVE-2020-13169 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

Learn more about our Web Application Penetration Testing UK.