CVE-2018-19386
MEDIUM NUCLEISolarWinds Database Performance Analyzer 11.1.457 - XSS
Title source: llmExploitation Summary
CVE-2018-19386 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
Nuclei Templates (1)
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
MEDIUMby pikpikcu
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://i.imgur.com/Y7t2AD6.png
Exploit, Third Party Advisory x_refsource_misc
https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
Scores
CVSS v3
6.1
EPSS
0.0908
EPSS Percentile
94.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
solarwinds/database_performance_analyzer
11.1.457
Published
Aug 14, 2019
Tracked Since
Feb 18, 2026