Lucene search

K
cvelistSolarWindsCVELIST:CVE-2024-29003
HistoryApr 18, 2024 - 9:07 a.m.

CVE-2024-29003 SolarWinds Platform Cross Site Scripting Vulnerability

2024-04-1809:07:17
CWE-79
SolarWinds
www.cve.org
5
solarwinds
platform
cross site scripting
vulnerability
maps
user interface
authentication
user interaction

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

EPSS

0

Percentile

9.0%

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SolarWinds Platform ",
    "vendor": "SolarWinds ",
    "versions": [
      {
        "status": "affected",
        "version": "2024.1 and previous versions "
      }
    ]
  }
]

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

EPSS

0

Percentile

9.0%

Related for CVELIST:CVE-2024-29003