First published: Tue Jul 18 2023(Updated: )
XSS attack was possible in DPA 2023.2 due to insufficient input validation
Credit: psirt@solarwinds.com psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Database Performance Analyzer | <2023.2.100 |
All SolarWinds Database Performance Analyzer customers are advised to upgrade to the latest version of the SolarWinds Database Performance Analyzer version 2023.2.100
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-33231 is a vulnerability in Solarwinds Database Performance Analyzer (DPA) 2023.2 that allows for XSS attacks due to insufficient input validation.
CVE-2023-33231 has a severity rating of medium with a score of 6.1.
CVE-2023-33231 affects Solarwinds Database Performance Analyzer (DPA) 2023.2, allowing for XSS attacks due to insufficient input validation.
To fix CVE-2023-33231, upgrade Solarwinds Database Performance Analyzer (DPA) to version 2023.2.100 or later.
More information about CVE-2023-33231 can be found at the following references: [Solarwinds Security Advisories](https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33231) and [Solarwinds DPA 2023.2.100 Release Notes](https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm).