CVE-2020-13169

2020-09-1717:40:15

mitre

www.cve.org

stored xss

solarwinds orion

information disclosure

privilege escalation

cve-2020-13169

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

References

documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion

support.solarwinds.com/SuccessCenter/s/