CVE Catalog

CVE-2023-33229

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.78%

51th percentile — higher than 51% of all known CVEs

Summary

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

Risk Assessment

This threat could lead to XSS attacks, potentially resulting in data theft or session hijacking. Organizations should be aware of the risks associated with unauthorized access to their systems.

Recommendation

It is recommended to update the SolarWinds platform to the latest version and implement appropriate security measures to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS