CVE-2022-36965

medium

Description

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36965

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm#:~:text=Release%20date%3A%20May%2024%2C%202022%20These%20release%20notes%2Cissues.%20New%20features%20and%20improvements%20in%20SolarWinds%20Platform

Details

Source: Mitre, NVD

Published: 2022-09-30

Updated: 2025-05-20

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N