What is CVE-2021-35239?

CVE-2021-35239 is a high-severity software vulnerability (Cross-site scripting (XSS)) with a CVSS score of 7.5. A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.

Is CVE-2021-35239 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 1%.

What products does CVE-2021-35239 affect?

Tracked products affected include SolarWinds Orion. Check the version you run to see whether it is affected.

How do I fix CVE-2021-35239?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

← All products

CVE-2021-35239

HIGH severity · CVSS 7.5 · Cross-site scripting (XSS)

7.5CVSS HIGH

Summary

A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.

Impact & exploitability

Attack vectorAdjacent

Attack complexityLow

Privileges requiredLow

User interactionRequired

Confidentiality impactHigh

Integrity impactLow

Availability impactLow

Exploit probability (EPSS)1%

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Affected products we track (1)

SolarWinds Orion

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

NVD record
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htmAdvisory
https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Stored-XSS-in-Maps-text-box-hyperlink-vulnerability-CVE-2021-35239?language=en_USAdvisory
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_USAdvisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35239Advisory