SolarWinds Platform Stored XSS Vulnerability 

(CVE-2024-29004)

Summary

The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. High-privileged user credentials are needed, and user interaction is required to exploit this vulnerability.

Affected Products

  • SolarWinds Platform 2024.1 SR 1 and previous versions

Fixed Software Release

Acknowledgments

  • Jakub Brzozowski, Kamil Falkiewicz, Szymon Jacek with STM Cyber

Advisory Details

Severity

7.1 High

Advisory ID

First Published

06/04/2024

Last Updated

06/04/2024