Vulnerabilities > Solarwinds > Database Performance Analyzer > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-33231 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
XSS attack was possible in DPA 2023.2 due to insufficient input validation
network
low complexity
solarwinds CWE-79
6.1
6.1
2023-04-25 CVE-2023-23838 Path Traversal vulnerability in Solarwinds Database Performance Analyzer
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
network
low complexity
solarwinds CWE-22
6.5
6.5
2023-01-20 CVE-2022-38110 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
network
low complexity
solarwinds CWE-79
5.4
5.4
2022-04-21 CVE-2021-35229 Cross-site Scripting vulnerability in Solarwinds products
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
network
solarwinds CWE-79
4.3
4.3
2019-08-14 CVE-2018-19386 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.457
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
network
solarwinds CWE-79
4.3
4.3