SolarWinds Platform
Moderate fix1 remedy
cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 2023.4
- <= 2023.3
- <= 2023.2
- <= 2023.1
SolarWinds Observability Self-Hosted Cross-Site Scripting Vulnerability
Vulnerability
Patched
A cross-site scripting (XSS) vulnerability has been identified in SolarWinds Observability Self-Hosted. This issue affects user-created URL fields and requires authentication from a low-level account. The vulnerability arises from inadequate sanitization of URL inputs, allowing for the injection of malicious scripts.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Remediation
Users can upgrade to SolarWinds Observability Self-Hosted version 2025.4.1, which addresses this vulnerability. For instructions on upgrading, see the SolarWinds Platform Product Installation and Upgrade Guide.
Added: Nov 18, 2025, 9:25 AM
Updated: Nov 18, 2025, 3:05 PM
Vulnerability Rating
Custom Algorithm
spread
5.7impact
1.7exploitability
4.6remediation
7.7relevance
1.1threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.