Volerion logoVolerion
Volerion logoVolerion

SolarWinds Observability Self-Hosted DOM-Based Reflective Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in SolarWinds Observability Self-Hosted. This issue arises from an unsanitized field in the URL, allowing for DOM-based reflective XSS. The vulnerability affects authenticated users with administrator-level access. Exploitation of this vulnerability requires user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users are advised to upgrade to SolarWinds Observability Self-Hosted version 2025.2 or later, where this vulnerability has been fixed.

Added: Jun 10, 2025, 4:49 PM
Updated: Jun 10, 2025, 4:49 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
1.7
exploitability
4.5
remediation
0.0
relevance
0.2
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.