Vulnerabilities > Solarwinds > Database Performance Analyzer
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-18 | CVE-2023-33231 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer XSS attack was possible in DPA 2023.2 due to insufficient input validation | 6.1 |
2023-04-25 | CVE-2023-23837 | Improper Handling of Exceptional Conditions vulnerability in Solarwinds Database Performance Analyzer No exception handling vulnerability which revealed sensitive or excessive information to users. | 7.5 |
2023-04-25 | CVE-2023-23838 | Path Traversal vulnerability in Solarwinds Database Performance Analyzer Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | 6.5 |
2023-01-20 | CVE-2022-38110 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | 5.4 |
2022-04-21 | CVE-2021-35229 | Cross-site Scripting vulnerability in Solarwinds products Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query | 6.1 |
2021-10-21 | CVE-2021-35228 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 2021.3.7388 This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. | 4.7 |
2020-12-15 | CVE-2018-16243 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.468/12.0.3074 SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. | 5.4 |
2019-08-14 | CVE-2018-19386 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.457 SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | 6.1 |