CVE-2020-14007

Name of the Vulnerable Software and Affected Versions Solarwinds Orion versions 2019.4 with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4

Description The issue allows for cross-site scripting (XSS) via a name of an alert definition. This means an attacker could potentially inject malicious scripts into the website, affecting users who access the site.

Recommendations For Solarwinds Orion version 2019.4 with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4, consider disabling the alert definition feature until a patch is available to prevent potential XSS attacks. Restrict access to the alert definition module to minimize the risk of exploitation. Avoid using user-inputted data in alert definition names until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.