CVE-2022-36965

Summary

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

Affected Software

VendorProductVersion RangeStatus
SolarWindsOrion Platform2020.2.6 and previous versions < 2022.3.0affected

Weaknesses

  • Stored and DOM XSS in QoE Applications: Orion Platform

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References