Vulnerabilities > Solarwinds > Database Performance Analyzer > 11.1.468
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-18 | CVE-2023-33231 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer XSS attack was possible in DPA 2023.2 due to insufficient input validation | 6.1 |
| 2023-04-25 | CVE-2023-23837 | Improper Handling of Exceptional Conditions vulnerability in Solarwinds Database Performance Analyzer No exception handling vulnerability which revealed sensitive or excessive information to users. | 7.5 |
| 2023-04-25 | CVE-2023-23838 | Path Traversal vulnerability in Solarwinds Database Performance Analyzer Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | 6.5 |
| 2023-01-20 | CVE-2022-38110 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | 5.4 |
| 2022-04-21 | CVE-2021-35229 | Cross-site Scripting vulnerability in Solarwinds products Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query | 6.1 |
| 2020-12-15 | CVE-2018-16243 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.468/12.0.3074 SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. | 5.4 |