SolarWinds Platform Cross Site Scripting Vulnerability

(CVE-2024-29003)

Summary

The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

Affected Products

SolarWinds Platform 2024.1 and prior versions

Fixed Software Release

SolarWinds Platform 2024.1 SR 1

Acknowledgments

Jean-Michel Huguet & Arnoldas Radisauskas working with NATO

Advisory Details

Severity

7.5 High

Advisory ID

CVE-2024-29003

First Published

04/18/2024

Last Updated

04/18/2024

Fixed Version

SolarWinds Platform 2024.1 SR 1

CVSS Score

CVSS:7.5/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H