Persistent XSS Vulnerabilities in SolarWinds Database Performance Analyzer
CVE-2018-16243

5.4MEDIUM

Key Information:

Vendor: Solarwinds
Status: Database Performance Analyzer
Vendor: CVE Published:; 15 December 2020

Summary

SolarWinds Database Performance Analyzer is susceptible to persistent Cross-Site Scripting (XSS) vulnerabilities affecting various components such as logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. Attackers can exploit these vulnerabilities to inject malicious scripts into affected components, potentially compromising user data and the overall integrity of the application.

References

https://gist.github.com/james-otten/d3ee2f0fccc3b87aafe16...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 15, 2020
Vulnerability Reserved
Aug 30, 2018