SolarWinds Orion XSS Authenticated Reflected XSS via Input Param
CVE-2024-52612 Published on February 11, 2025

SolarWinds Platform Reflected Cross-Site Scripting Vulnerability
SolarWinds Platform is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. This vulnerability requires authentication by a high- privileged account to be exploitable.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2024-52612 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2024-52612

Want to know whenever a new CVE is published for Solarwinds Platform? stack.watch will email you.

Solarwinds Platform

Affected Versions

SolarWinds Platform Version 2024.4.1 and previous versions is affected by CVE-2024-52612

Exploit Probability

EPSS

0.18%

Percentile

39.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SolarWinds Orion XSS Authenticated Reflected XSS via Input ParamCVE-2024-52612 Published on February 11, 2025

Vulnerability Analysis

Weakness Type

What is a XSS Vulnerability?

Products Associated with CVE-2024-52612

Affected Versions

Exploit Probability

SolarWinds Orion XSS Authenticated Reflected XSS via Input Param
CVE-2024-52612 Published on February 11, 2025