CVE-2018-19386

MEDIUM NUCLEI

SolarWinds Database Performance Analyzer 11.1.457 - XSS

Title source: llm

Description

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.

Nuclei Templates (1)

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

MEDIUMby pikpikcu

References (2)

[Exploit, Third Party Advisory] https://i.imgur.com/Y7t2AD6.png

[Exploit, Third Party Advisory] https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5

Scores

CVSS v3 6.1

EPSS 0.2327

EPSS Percentile 96.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

solarwinds/database_performance_analyzer 11.1.457

Published Aug 14, 2019

Tracked Since Feb 18, 2026