Stored and DOM XSS in QoE Applications: Orion Platform

(CVE-2022-36965)

Security Advisory Summary

Insufficient sanitization of inputs in QoE application input field could lead to stored and DOM based XSS attack. This issue is fixed and is part of the latest release for SolarWinds Platform (2022.3)

Affected Products

Orion Platform 2022.2 and earlier

Fixed Software Release

SolarWinds Platform 2022.3

Acknowledgments

Shashank Chaurasia

Advisory Details

Severity

7.1 High

Advisory ID

CVE-2022-36965

First Published

09/28/2022

Fixed Version

SolarWinds Platform 2022.3

CVSS Score

CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L