First published: Tue Oct 19 2021
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from request headers on a specific section of a page, causing a reflected cross-site scripting attack. An attacker would need to perform a Man-in-the-Middle attack in order to change the header for a remote victim.
Credit: psirt@solarwinds.com
Affected Software | Affected Version | How to fix
---|---|---
SolarWinds Database Performance Analyzer | =2021.3.7388 | SolarWinds recommends upgrading to the latest version of DPA as soon as it becomes available.
CVE-2021-35228 is a vulnerability that occurred due to missing input sanitization for one of the output fields extracted from request headers on a specific section of a page, leading to a reflected cross-site scripting attack.
SolarWinds Database Performance Analyzer version 2021.3.7388 is affected by CVE-2021-35228.
The severity of CVE-2021-35228 is medium with a CVSS score of 4.7.
An attacker can exploit CVE-2021-35228 by performing a Man-in-the-Middle attack to change the header for a remote host, leading to a reflective cross-site scripting attack.
To mitigate CVE-2021-35228, it is recommended to apply the necessary patches provided by SolarWinds and ensure that input sanitization is implemented for output fields extracted from headers.
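The defect class described above (a header value reflected into a page without output encoding) and the mitigation (encode header-derived output fields) are illustrated here with an added example; this is not SolarWinds DPA code, and because the advisory does not name the header or page section, the header name `X-Display-Name` and the page template are placeholders. The vulnerable renderer sits beside the corrected one, with a check a reviewer can run to confirm a header value can no longer introduce markup.

```python
import html
from html.parser import HTMLParser
from typing import Mapping

# Constructed placeholder: the advisory does not name the reflected header.
REFLECTED_HEADER = "X-Display-Name"
# Elements the page template itself emits; anything beyond these came from data.
TEMPLATE_TAGS = ["html", "body", "h1"]


def render_vulnerable(headers: Mapping[str, str]) -> str:
    """Reflects a request-header value into the HTML body with no output encoding.

    This is the defect class the advisory describes: a value the server
    extracted from a request header is placed into the page as-is.
    """
    value = headers.get(REFLECTED_HEADER, "")
    return f"<html><body><h1>Hello, {value}</h1></body></html>"


def render_fixed(headers: Mapping[str, str]) -> str:
    """Same page, but the header value is HTML-encoded for the element-content context.

    html.escape encodes &, <, >, " and ', so the value can only render as
    text, never as an element or attribute.
    """
    value = html.escape(headers.get(REFLECTED_HEADER, ""), quote=True)
    return f"<html><body><h1>Hello, {value}</h1></body></html>"


class _TagCollector(HTMLParser):
    """Records every start tag the browser-side parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def elements_in(rendered: str) -> list[str]:
    """Returns the start tags present in a rendered page, in document order."""
    parser = _TagCollector()
    parser.feed(rendered)
    return parser.tags


def header_value_is_inert(rendered: str) -> bool:
    """Defensive check: True only when the page contains exactly the template's
    own elements, i.e. the reflected header value introduced no markup."""
    return elements_in(rendered) == TEMPLATE_TAGS
```

The same tag-count check works as a regression test for any other header-derived output field once its template's element list is known.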