First published: Wed Aug 14 2019
SolarWinds Database Performance Analyzer 11.1.457 contains a reflected XSS in its idcStateError component: the page parameter of the /iwc/idcStateError.iwc?page= URI is reflected into the HREF of the 'Try Again' button on the page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Database Performance Analyzer | =11.1.457 | |
CVE-2018-19386 is a reflected XSS vulnerability affecting SolarWinds Database Performance Analyzer 11.1.457.
The severity of CVE-2018-19386 is medium, with a CVSS score of 6.1.
To fix the CVE-2018-19386 vulnerability, it is recommended to update SolarWinds Database Performance Analyzer to a version that addresses the security issue.
More information about CVE-2018-19386 can be found at the following links: https://i.imgur.com/Y7t2AD6.png, https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5