CVE-2021-35238: 
SolarWinds Platform vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability (CVE-2021-35238) was discovered in SolarWinds Orion Platform versions 2020.2.5 and earlier. The vulnerability allowed users with Orion Platform Admin Rights to store XSS through URL POST parameter in CreateExternalWebsite website (SolarWinds Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the following vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

If exploited, this vulnerability could allow an authenticated attacker with admin rights to store malicious scripts that would execute when other users access the affected web page, potentially leading to disclosure of sensitive information or manipulation of web content (NVD).

SolarWinds has released Orion Platform 2020.2.6 Hotfix 1 to address this vulnerability. Users are advised to upgrade to this version. Additionally, SolarWinds recommends following security best practices including limiting administrative access and implementing proper network segmentation (SolarWinds Documentation).