CNNVD-202511-2106 Information

CNNVD ID

CNNVD-202511-2106

Related CVE

CVE-2025-26391

• CNNVD Published: 2025-11-18

Description (Chinese)

SolarWinds Observability Self-Hosted是美国SolarWinds公司的一款观察平台。 SolarWinds Observability Self-Hosted存在跨站脚本漏洞，该漏洞源于用户创建的URL字段存在跨站脚本漏洞，可能导致低权限账户进行攻击。

Description (English)

SolarWinds Observability Self-Hosted is an observation platform for SolarWinds in the United States. SolarWinds Observability Self-Hosted has a cross-site script loophole, which stems from the existence of a cross-stop script gap in the user-created URL field, which could lead to an attack on a low-authority account.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

SolarWinds

Published

2025-11-18

Last Modified

2026-02-24

References

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26391

Patch

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4-1_release_notes.htm